last executing test programs: 2.872812047s ago: executing program 2 (id=1505): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0x10000001}, 0x18) socket$kcm(0x29, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x4, 0x7fe2, 0x1}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000001c0)='mm_page_free\x00', 0xffffffffffffffff, 0x0, 0x6}, 0x18) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000340)='kfree\x00', r3, 0x0, 0x200000000}, 0x18) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) 2.848932307s ago: executing program 2 (id=1506): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r0, 0x8010661b, &(0x7f00000000c0)) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r0, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x6, 0x1}}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffd}, 0x18) creat(&(0x7f00000000c0)='./file0\x00', 0xfc) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x1, 0x81, 0x1ff, 0x801, 0x1}, 0x1c) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00'}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) bind$tipc(r2, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 2.701047229s ago: executing program 2 (id=1508): perf_event_open(&(0x7f0000000680)={0x2, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0xe50c1700, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000040)={'ip6gre0\x00', 0x0, 0x29, 0xaa, 0x2, 0x8, 0x20, @loopback, @remote, 0x0, 0x87, 0xe, 0xb5}}) syz_io_uring_submit(0x0, 0x0, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff56}) socket$inet6(0xa, 0x3, 0x4) socket(0x10, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r3 = socket$kcm(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}}) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x1, r4, 0x0, 0x4, 0x0) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@dellink={0x20, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, 0x1480, 0x2104}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80) 2.69244736s ago: executing program 3 (id=1510): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$fou(0x0, r0) syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file1\x00', 0x420c, &(0x7f00000005c0)=ANY=[], 0x6, 0x364, &(0x7f00000005c0)="$eJzs3c1rM0UcwPFfYpImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse1Fr+Ldk+Ch9GbBQ0H9B3rxphcRvPUieLAHffZh35JNsulLmr48fb4fKJnMzG8zm5mU36bd3dP3vv64VrG0it6SeFpJTETkTCQvcQnE/Me4W05J2J68OvnPby+trJXTXoVaLK6+VlBKTc/89MnnGb/b8YSc5D84/bvw18lzJy+cPlr9qGqpqqXqjZbS1Ubjj5a+YRpqq2rVNKWWTEO3DFWtW0bTa//B347Z2N5uK72+NZXdbhqWpfR6W9WMtmo1VKvZVvqHerWuNE1TU1nBRcoHy8t6ccTgzTEPBuPwzGBVs1nUnerMQEv54HYGBQAA7pP+/D/upPSj5P/rMl0qLaSV07mb/x++/Etr8t2jaT//P05F5f+v/+5tqyf/dw4nuvl/wzs+qFyc/38rV8j/BzOih+rLyNqR8//8tQeEcZlJDVTFep45+X/W//y69t8/nHML5P8AAAAAAAAAAAAAAAAAAAAAADwJzmw7Z9t2LngMfrqnEPjP8SANm/8JEUk7s28z/w/Zytq6pEulhWXlzLH51U55p+w99nQz/rf7OWsjOPNIOfLys7nrx+/ulL0LERQrUhVTDJmXnOTd9RSKt+3Ft0sL88rjx3dOU8qG4wuSk2fD8T+6q9OJL/TG+6+fkldmQ/Ga5OTXTWmIKVtuZPf1v5hX6q13Sn3xGbefiPx5i9MBAAAAAMCN0FRH5PG7pg1r964yUqy4XxMZMic5+S/6+H4u8vg8kXsxcdd7DwAAAADA08Fqf1bTJW403YJpRhUyMrRpDIVET01SRCI7p/pqkudtOXwThMuOJyXeHUyuu1/fBe/qVaKCf6RwBt5p8u+oIqONJ9h/tyaWGH2aYnviLoC9cFNcLhGe6B/8jFOhIjvPDt3Ovr8jnZrga6PUkPdZlga3Ez9nJSQHauzYaAvg+W++/3d8H5A3jvwV8OnFnfdNw96Vy0xKX8F5icGm5I3/4gEAAABw67pJf1DzZrg5fCOR8M1y+Ms9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjdCOX9Osr3PU+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPfF4wAAAP//EZjypg==") r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0) socket$packet(0x11, 0xa, 0x300) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) bind$packet(r2, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r3, 0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f0000000540)}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000c4f900000000000800001418110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10) ustat(0x3, 0x0) statfs(&(0x7f0000000000)='./file1\x00', &(0x7f0000000340)=""/236) 2.436770304s ago: executing program 3 (id=1512): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x4}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$FS_IOC_GETFSUUID(r0, 0x80111500, &(0x7f0000000240)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18) socket$inet6_sctp(0xa, 0x1, 0x84) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e00000004000000080000000100000000000000", @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000400"/27], 0x48) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendto$packet(r3, &(0x7f0000000280)='\x00', 0x1, 0x0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0xf6, 0x6, @random="5afe8b181d50"}, 0x14) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) r4 = syz_usbip_server_init(0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$usbip_server(r4, &(0x7f0000003480)=ANY=[], 0xfda) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r2}, 0x0, 0x0}, 0x20) 1.921817111s ago: executing program 2 (id=1515): sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x10) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r1, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xd0}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000012c0)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}}, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x2400c840}, 0x0) connect$unix(r3, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e) 1.862441812s ago: executing program 1 (id=1516): bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5}, 0x38) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x3}, 0x18) syz_read_part_table(0x59d, &(0x7f0000000000)="$eJzs0r1Lu1cUB/CbgIRCJSKCgx0Eg0ujQhx0SAYrMWQxIlYcnAUHHQQHB0mJzr78A4pvIC5iZ0cxgijESTKKc0FxyZTS+hTa2qUtpvTH57OEe8+59+TyfQL/a/HwU7PZjIUQmom/f/r7s/xEsXdqbHomhFiYDyHkv/n610os6vjt1otoXYrWxUSmdnA7/nrWcdf3UE0dxaP6ZTyEH0IIS0/HyX/7Nr5857nr5MbmSmFrLbf4WFh/Hl4YyPds55d3Rw6z5dnu7Fz0YV3GWzM/VRs9uW+WXvbaB9uqtUbmJupLxz5nPv+tP+e/31WpVxqT/aerQ+nO+lV5J8r9Tf4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAnO89dJzc2Vwpba7nFx8L68/DCQL5nO7+8O3KYLc92Z+fi732X8dbMT9VGT+6bpZe99sG2aq2RuYn60rEPR7/78XP+Ei30bfhj/vtdlXqlMdl/ujqU7qxflXei3N8+5g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8JfyE8XeqbHpmRBiYT6EMB7vOP5lv5l4r8eivovotxTtFxOZ2sHt+OtZx13fQzV1NJUIIfG7e5eejpNftfIh/CM/BwAA//8514ZQ") r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r3 = dup(r2) connect$inet(r3, &(0x7f0000000000)={0x27, 0x0, @private=0xa010101}, 0x60) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f0000000700)={'tunl0\x00', &(0x7f0000000680)={'syztnl1\x00', 0x0, 0x20, 0x1, 0x7, 0x8c00, {{0x17, 0x4, 0x0, 0x5, 0x5c, 0x64, 0x0, 0x2, 0x4, 0x0, @local, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x44, 0x6a, 0x3, 0x6, [{@private=0xa010102, 0x7f}, {@remote, 0x7}, {@empty, 0x9}, {@empty, 0x8001}, {@rand_addr=0x64010101, 0xd}, {@empty, 0xedf}, {@broadcast, 0x6}, {@broadcast, 0x9}]}]}}}}}) bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000740)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_clone(0x40020400, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[@ANYBLOB="54000000000801010000ffffe00000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000) 1.719160214s ago: executing program 0 (id=1519): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$sg(0x0, 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5393, &(0x7f0000000000)) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000280)={'\x00', 0x7e, 0x1000, 0x5c8, 0x80000003, 0x6}) ioctl$BLKTRACETEARDOWN(r4, 0x1276, 0x0) 1.685578575s ago: executing program 4 (id=1521): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28) write$binfmt_script(r4, &(0x7f0000000500)={'#! ', './file0'}, 0xb) close_range(r0, r4, 0x0) 1.662179685s ago: executing program 4 (id=1522): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000006c0)) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6_udp(0xa, 0x2, 0x0) pipe(&(0x7f00000009c0)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000005c0)) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) memfd_create(&(0x7f0000000bc0)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o84I\xaaK\xa5\xd3\v\x86\xca<\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HO\x00\x00\x00\x00R\xfc\xcb%u3\xec\xde%\x9d\xe4\x1d\rD\x82S\x17?\xd6\xb1\x9aF\xe2\xba[\xc7QR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7o\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\xa5\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\xae\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8h\xb9p2\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x93\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94\xfe2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51[z\xb6>\xd3\xe7Y*\xdb\xa7h\nt\xddP\n\xc5\xeb\xb1ux\x94@\x00\x00g\x02D9\x83\xa7\x97\xf4\xb25wL\x97\xfb\xb9\xccj\xb3\x96\xc1@\xee`{\x87\xa8]\x96\x9cjF^+\xcc1l\xcbmA,5\xc4J\xcab\xa6\x91\xa0\xeaU\x92\x01\x1f,\xfa\x10\"+\x01\x00\x91\xe9\x1cz\xd1f\x901\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\"\x85Np\xba\x0e<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8V\xe4\xa1C\x90\x17\xcc{\x9d\xf1\xbd\xb0\xca\x03\x96\x85h}\x8f\x1c)X\xc83rA\x90r\xb6\xba!;\x95\xaf\xe0\xcb\xec\xcd$\x02f\x8c4\x1aH\x8fC\xbfr\xd39\x92\x1fShu\x9e\b\xd4m\xa8\x16\xa6\xd5\xae\xcb\x03oFQ\"\xf7F\xb7\vp\xb6\xe5\x92\xe2O}.\x95A\x9bH\x8d\xa1\x80\x1b\x14u\xfdK\xce\xaf\x94i\xf1s\xf7\xb8Jq\xcb3=M\x84\x7f\x181/\x9bQ|4\xaf\xcf\r\xcfz Z\x19\xad_\x13\x99\xf7\xfdOD\xd3\x9d\x9d\xb8d5g\xf1\x84\xbd\xe5\xa2\xb3\xda\x82\x10n1\xed\xba\xe3\x96\x85\"\xb6\xa6n\xe7\xfd\xd4\a\x97\x85\x810/\xc4o\x11\xc8\x1b\xc0\f\xeec\xa4\x7f|P\x00\x00\x00\x000p\xaf\xfdk\xac\xcc\xac`\xc9\a<\xadIt\x9b\xeb\x8a\xfe\x9b\aO\xa5?h\xe1B\xa8C\x8e;/\xa8\x94\x1bs\xf0\xa9>\x9e\xff\xc9\xd2\x00h\xcb\xfb\xb6Y\xbfp\xd8\x90\x96\xec\x83N\x8bNnx\xb6\x16Y\xf8sU\xae\xa0\b\x8cLq\n\x1f\x99t\xb6\xffozu\xa0B(\xe9?\xcdA\xba\xa8\x13Qc\xda\x16?\xe8z\x8f\x862!\xbf\xa4\xb8\x9bC\xe9Od\xe8\xd32m\x06RX\x7f\xf7\xc2\n\x94\xe5P:l\xd9\xd5\xbd\rH6-\x8a\x12m\xff\xe9\xa0\r\tk\xda\xa4q(\xae\\\xb6\x14I\xf7\xe0z\xf10xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) preadv2(r0, &(0x7f00000004c0)=[{&(0x7f00000000c0)=""/139, 0x8b}], 0x1, 0x867, 0x0, 0x0) 1.646751695s ago: executing program 0 (id=1524): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0x7, 0x4, 0x100, 0x1, 0x28}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) kexec_load(0x0, 0x0, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, 0x0, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, 0x0, 0x0) r4 = socket(0x10, 0x3, 0x0) connect$netlink(r4, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbff, 0x20}, 0xc) sendmsg$nl_route_sched(r4, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x18, 0x31, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) 1.632060436s ago: executing program 1 (id=1525): socket(0xa, 0x1, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve1\x00', 0x0}) syz_emit_ethernet(0xac, 0x0, 0x0) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000004c0)={r1, 0x3, 0x6, @broadcast}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000a40)=ANY=[@ANYBLOB="14010000160001040000000000000000e0000001000000000000000000000000ff010000000000000000000000000001ab13a6979d621eb1830c8e192e00000fd100000002020000000c0000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1e010100000000000000000000000000000000330000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000080010000800000000000000000000000000000000000000000010100000000000000000000000000000000000000000000000800000000000004000000060000000004000000000000000000000a000000940000000000000000000000ad04000014000e00ff0200000000000000000000000000010800160002000000"], 0x114}, 0x1, 0x0, 0x0, 0x20040080}, 0x0) openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000380)) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={0x0, 0x2890}, 0x1, 0x0, 0x0, 0x4004050}, 0x4040804) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(0xffffffffffffffff, 0xc05c5340, &(0x7f0000000080)={0x0, 0x9, 0x0, {0x0, 0x4}, 0x4, 0x3}) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6, @random="790c7edd3d8d"}, 0x10) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x1, 0x0, 0x2000001, {0x0, 0x0, 0x0, r1, {0x7}, {0xd}, {0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054) 1.602817006s ago: executing program 4 (id=1526): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000800000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f0000000380)=0x20000, 0x4) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/5, 0x204000, 0x1000}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000040)=0x4000, 0x4) bind$xdp(r3, &(0x7f00000002c0)={0x2c, 0x4, r5, 0x2000}, 0x10) 1.505439108s ago: executing program 0 (id=1527): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18) r2 = gettid() process_vm_writev(r2, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000380)=0xfffffffffffff800, 0x12) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000940), 0x10) listen(0xffffffffffffffff, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) writev(r3, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1) 1.504891217s ago: executing program 4 (id=1528): ioprio_set$uid(0x3, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) gettid() ioprio_get$pid(0x3, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c) close(r0) 1.458985188s ago: executing program 0 (id=1529): r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) accept$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b707000008000000850000006900000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sendmsg$netlink(r1, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0xb6f8000) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsm_set_self_attr(0x69, 0x0, 0x42, 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7f}, 0x94) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40082, 0x2, @perf_bp={0x0, 0x1}, 0x1100, 0x5, 0x3a65, 0x5, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xe, 0x0, &(0x7f0000000080)="259a53f271a76d2688ca4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 979.867605ms ago: executing program 2 (id=1530): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x550, 0x1c0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x480, 0xffffffff, 0xffffffff, 0x480, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x2c0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x2b4, 0x1, 0x2, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x1300, 0x4, 0x0, 'syz0\x00'}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0xfd}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b0) 979.580366ms ago: executing program 4 (id=1531): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0xc}, {0xffff, 0xffff}, {0x2, 0x10}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfd], 0x0, [0x8, 0x4, 0x2, 0x0, 0x8, 0xb6ce, 0x0, 0x0, 0x0, 0xffff], [0x100, 0x8, 0x0, 0xfffc, 0x0, 0x0, 0x20, 0x0, 0x6]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20004840}, 0x48010) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94) r4 = fsopen(&(0x7f00000000c0)='selinuxfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r4, 0x4, &(0x7f0000000000)='dirsync\x00', &(0x7f0000000040)='./file0\x00', r5) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0) chroot(&(0x7f0000000000)='./file0/../file0\x00') mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='./file0\x00') 836.002477ms ago: executing program 4 (id=1532): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000003680)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r4, &(0x7f0000000100)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e20, @broadcast}}, 0x24) r5 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r5, &(0x7f0000000100)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e20, @broadcast}}, 0x24) 816.908438ms ago: executing program 1 (id=1533): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$VFAT_IOCTL_READDIR_SHORT(0xffffffffffffffff, 0x82307202, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000c80)=@raw={'raw\x00', 0x3c1, 0x3, 0x3a0, 0x2e0, 0x940c, 0x3002, 0x2e0, 0x2c0, 0x3f0, 0x3d8, 0x3d8, 0x3f0, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1e8, 0x4001, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x4001, 0x1, 0x3, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x1, 0xbe, {0x565159d7}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x400) syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x6, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0x8100, @remote}}}, 0x108) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sendmsg$netlink(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0) 701.31409ms ago: executing program 3 (id=1534): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x20000}, 0x18) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000005c0)={[{@nolazytime}, {@jqfmt_vfsold}, {@journal_path={'journal_path', 0x3d, './file0/../file0'}}, {@noquota}, {@nodioread_nolock}, {@journal_checksum}, {@data_err_abort}], [{@seclabel}]}, 0x3, 0x473, &(0x7f0000000640)="$eJzs3M1vG0UbAPBn7Tht+pW8Vd9CP4AgQJQCSZOW0gMXEEgcQEKCQzmGJK1K0wY1QSJVBQGhckSVOHFBHJH4CzjBBcENiQsHuKNKFeqlhZPRZncT2zhpmjpepf79pHVndtedeTwz9uxO7AB61nD6kETsiojfI2IwyzafMJz9c/vmlcm/b16ZTKJef/OvpC89fOvmlcXi1OJ5O4tMX0Tl0yQOtSl3buHy+YmZmelLeX50/sJ7o3MLl589d2Hi7PTZ6Yvjp06dOD72/Mnx5zoSZxrXrYMfzh4+8Orb116fPH3tnZ+/TYr4szgmO1LQiuG1Dj5Rr3e4uHLtbkhnPYOtoJoN06gtjf/BqMZK4w3GK5+UWjlgU9Xr9fr+5Vyt9fBiHbiPJVF2DYByFB/06fVvsXVx+lG6Gy9mF0Bp3LfzLTvSF5X8nFrL9W0nDUfE6cV/vkq32Jz7EAAATb5P5z/PtJv/VWJ/w3l78jWUoYj4X0TsjYiTEbEvIv4fsXTuAxHx4F2W37pIkpU/0LCncn2jsa1HOv97IV/bap7/FbO/GKrmud1L8deSM+dmpo/lr8mRqG1L82NrlPHDy79+vtqxxvlfuqXlF3PBvB7X+7Y1P2dqYn7iXmJudOPjiIN97eJPllcCkog4EBEHN1jGuaPfHF7t2J3jX0MH1pnqX0c8mbX/YrTEX0jWXp8c3R4z08dGi17Rxi9X31it/HuKvwPS9t/Rtv8vxz+UNK7Xzt3N//7lU+nj1T8+W/WaZqP9vz95q2nfBxPz85fGIvqT17JKN+4fbzlvfOX8NP4jj7Uf/3tj5ZU4FBFpJ34oIh6OiEfyuj/62547vgo/vfT4uy27qivxD5Te/lPrb//6YETRERb6I08s72mfqJ7/8bumQodWko3tv2fV9j+xlDqS71nP+9966nW3vRkAAAC2qkpE7IqkMrKcrlRGRrK/4d8XOyozs3PzT5+Zff/iVPYdgaGoVYo7XYMN90PH8sv6Ij/ekj+e3zf+ojqwlB+ZnJ2ZKjt46HE7Vxn/qT+zu5Tbyq0hsKl8Xwt6l/EPvcv4h9713/G/vTlb6V5dgO5q8/k/UEY9gO5rHv/Zj4B8tJ4n7tqc+gDd0/L5Xy2rHkD3uf8HvWsj4997Btwf+tb6yeb+rlYF6J65gbjzl+QltlKiWK3djCJqaW85GhELl6NSeqQSm5go+50JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgM/4NAAD//55o4Oc=") mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0xd4) r1 = dup2(r0, r0) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1, 0x8}) getdents64(0xffffffffffffffff, &(0x7f0000000080)=""/95, 0x5f) utimes(0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a0000000000fa82a3fa211411fa0008000a40000000000900020073797a31000000000900010073797a30000000000800054000000000080008400000000014000000110001"], 0x6c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30"], 0xec}}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 411.587244ms ago: executing program 0 (id=1535): set_mempolicy(0x3, &(0x7f0000000000)=0x4000000ffb, 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$caif_stream(0x25, 0x1, 0x0) sendmmsg$inet(r1, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="92", 0x1}], 0x1}, 0x1000000}], 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000400001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300009ea10000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x18) socket$inet6(0xa, 0x80002, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r4 = io_uring_setup(0x6c4, &(0x7f0000000080)={0x0, 0x4075, 0x18, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0xa}, 0x20) 355.369425ms ago: executing program 1 (id=1536): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f00000003c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) unshare(0x2040600) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0xc000, &(0x7f0000000380), 0x2, 0x24d, &(0x7f0000000440)="$eJzs3T9oJFUcB/DvzO4ac7fIqY0g/gER0UA4O8HmbBQO5DhEBBVORGyUixAT7LJWNhZaq6SyCWJntJQ0wUYRrKKmiI2gwcJgocXK7iQSNytqNtk5Mp8PTGYm89783rDzfbvN7AZorAtJLiVpJZlL0klSHG5wb7Vc2N9dnd28lvT7T/1SDNtV+5WDfueT9JI8kmSjLPJKO1lef27nt60nHnh7qXP/h+vPzk71Ivft7mw/uffBlbc+ufzw8lff/HSlyKV0/3ZdJ68Y8792kdx2GsVuEEW77hHwX1x94+NvB7m/Pcl9w/x3UqZ68d5ZvGmjk4fe/6e+7/789Z3THCtw8vr9zuA9sNcHGqdM0k1Rzieptstyfr76DP9d61z56sLi63MvLyxdf6numQo4Kd1k+/HPZj49P5L/H1tV/oGza5D/p6+ufT/Y3muNHOzP1DMo4HTdVa0G+Z97YeXBjMs/cKbJPzSX/ENzyT80l/xDc8k/NJf8wxnWOdjojT0s/9Bc8g/NJf/QXIfzDwA0S3+m7ieQgbrUPf8AAAAAAAAAAAAAAAAAAABHrc5uXjtYplXzi/eS3ceStMfVbw1/jzi5efj33K/FoNlfiqrbRJ6/Z8ITTOijmp++vuWHeut/eXe99VeuJ703k1xst4/ef8X+/Xd8t/7L8c6LExb4n4qR/UefmW79UX+s1Vv/8lby+WD+uThu/ilzx3A9fv7pHv6K5WN67fcJTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDU/BkAAP//d4lu0g==") mkdir(0x0, 0x0) listxattr(0x0, 0x0, 0x0) r3 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x1) fstatfs(r2, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) unshare(0x2000400) fsmount(r3, 0x0, 0x0) 270.536756ms ago: executing program 1 (id=1537): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x40, &(0x7f0000000100), 0x1, 0x58a, &(0x7f0000001b40)="$eJzs3T1sG2UfAPD/neOmH3nf9JXeV3pBHSpAKlJVJ+kHFKZ2RVSq1AGJBSLHjao4cRUn0EQZ0r1CdECAupQNBkYQAwNiYWRlATEjVTQCqekARv5K09QJTohjyP1+0tnPc3f2/3nu/H/sO93JAWTW8fpDGvFURFxOIobXLRuI1sLjzfVWV5aKD1eWiknUald+TiKJiAcrS8X2+knr+UhELEfE/yPi63zEyXTtLQ+0C9WFxanxcrk026qPzE1fH6kuLJ66Nj0+WZoszZx58aVz58+eGzs9tr65D2vra/nt9fXWD7ffufXtK3dvf/LpseXie+NJXIih1rL1/dhNzW2Sjwsb5p/tRbA+SvrdAHYk18rzeir9L4Yj18r6TmrrB4fBPWke0EO1wYgakFGJ/IeMav8OqB//tqe9/P1x72LzAKQed7U1NZcMNM9NxMHGscnhX5LHjkzqx5tH97Kh7EvLNyNidGDgyc9/0vr87dzobjSQnvrqYnNHPbn/07XxJzqMP0Ptc6d/UXv8W31i/HsUP7fJ+He5yxi/vf7jh5vGvxnxdMf4yVr8pEP8NCLe7DL+nde+OL/ZstpHESeic/y2ZOvzwyNXr5VLo83HjjG+PHHs5a36f3iT+M1ztgcbXzOdtn/aZf8//+azZ5a3iP/8s1vv/07b/1BEvNtl/P88+PjVzZbdu5ncr/8K2O7+TyIfd7uM/8KF49+3is4aAgAAAAAAAADALkob17IlaWGtnKaFQvMe3v/G4bRcqc6dvFqZn5loXvN2NPJp+0qr4WY9qdfHWtfjtuunN9TP5FoBc4ca9UKxUp7oc98BAAAAAAAAAAAAAAAAAADg7+LIhvv/f8017v/f+HfVwH61+V9+A/ud/Ifsejz/k761A9h7vv8hs2ryH7JL/kN2yX/ILvkP2SX/IbvkP2SX/AcAAAAAAAAAAAAAAAAAAAAAAAAAgJ64fOlSfao9XFkq1usTAwvzU5W3Tk2UqlOF6flioViZvV6YrFQmy6VCsTL9Z++XVCrXR2Nm/sbIXKk6N1JdWHxjujI/0/5P0VK+5z0CAAAAAAAAAAAAAAAAAACAf56hxpSkhYh8s56mhULEvyLiaBLJ1Wvl0mhE/DsivsvlB+v1sX43GgAAAAAAAAAAAAAAAAAAAPaZ6sLi1Hi5XJrtXWGgFaqHIbovDGxn5YhY3t1m1N9x26/KtzZgnzedQqYKfRyUAAAAAAAAAAAAAAAAAAAgox7d9NvtK37vbYMAAAAAAAAAAAAAAAAAAAAgk9KfkoioTyeGnxvauPRAspprPEfE23euvH9jfG5udqw+//7a/LkPWvNP96P9QLfaeZpGRD2PAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEeqC4tT4+VyaXaHhcEu1ul3HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB24o8AAAD//+mR0Yo=") syz_open_dev$tty1(0xc, 0x4, 0x1) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x2704, &(0x7f00000003c0)={0x0, 0x19, 0x2c84, 0x0, 0x136}, &(0x7f0000ff0000), 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r0}, &(0x7f0000000080), &(0x7f00000003c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x18) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) 207.139627ms ago: executing program 1 (id=1538): setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffe, 0xfffffffb}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000001ec0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r4, 0x25, &(0x7f0000000000)={0x1}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r5, 0x26, &(0x7f0000000040)={0x1, 0x0, 0x7, 0x1}) close_range(r2, 0xffffffffffffffff, 0x0) 136.703258ms ago: executing program 3 (id=1539): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18) process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r2, 0x28, 0x1, &(0x7f0000000380)=0xfffffffffffff800, 0x12) bind$vsock_stream(r2, &(0x7f0000000940), 0x10) listen(r2, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) writev(r3, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1) 136.210508ms ago: executing program 3 (id=1540): socketpair$tipc(0x1e, 0x4, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x43}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r1, 0x0, 0x5}, 0x18) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x20, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r3}, 0x10) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000140)={0x4200, 0x3, 0x5}, 0x10) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) ioctl$SG_BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040041}, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000001080)=0x4) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000001100)={r4, 0x9, 0x30, 0x7f, 0x1}, 0x0) 86.952629ms ago: executing program 0 (id=1541): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x10) r1 = syz_io_uring_setup(0x254c, &(0x7f0000000000)={0x0, 0x7c87, 0x800, 0x0, 0x39}, &(0x7f0000000080), &(0x7f00000001c0)) io_uring_register$IORING_UNREGISTER_PBUF_RING(r1, 0x17, &(0x7f0000000f40)={0x0, 0x0, 0x3}, 0x1) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r3}, 0x18) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f00000000c0)=0x2, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x10000000}, 0x1c) r4 = socket(0x10, 0x803, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0x3}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xe5}}}]}, 0x38}}, 0x4080) sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000ac0)=@newtfilter={0x114, 0x2c, 0xd2b, 0x70bd2b, 0x35dfdbfb, {0x0, 0x0, 0x0, r6, {0xf}, {}, {0xe, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0xe8, 0x2, [@TCA_U32_SEL={0xe4, 0x5, {0x3, 0x8, 0xd, 0x4, 0x7ff, 0x365, 0x7, 0x6, [{0x1, 0xffff, 0x7706, 0x18}, {0x7fffffff, 0x8, 0xd7, 0x3}, {0x3, 0x2, 0xea9a, 0x6}, {0x7, 0x9, 0x1, 0x9}, {0x40, 0x2, 0x1000}, {0xf, 0x3a1, 0x8, 0x405}, {0x10000, 0x9, 0x6, 0x7fffffff}, {0x4, 0x0, 0x80, 0x40}, {0x43, 0x5, 0x5, 0x4}, {0xfffffffb, 0x5, 0xff, 0x9}, {0x11, 0x7f, 0x1, 0x8}, {0x5, 0x6, 0x80, 0x3000}, {0x6, 0xc25a0, 0x3, 0x1000}]}}]}}]}, 0x114}}, 0x24040084) 0s ago: executing program 2 (id=1542): syz_open_procfs(0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x2000008, 0x11, r0, 0x10952000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) pidfd_send_signal(0xffffffffffffffff, 0x33, 0x0, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81) prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) ioctl$HIDIOCGFEATURE(r2, 0xc0404807, &(0x7f0000000300)={0x62, "a4395026f7fca8f411d271a8ac0352f02647be56f7af5c020d00a854bde7a3a2e42c1c5fcac45b88f2eb03642b134fd8e5b9bfd57889164508e1794a753cea7f"}) write$UHID_DESTROY(r1, &(0x7f00000001c0), 0x4) kernel console output (not intermixed with test programs): T29] audit: type=1326 audit(1751848934.995:1830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5384 comm="syz.4.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 90.822624][ T5390] netlink: 4 bytes leftover after parsing attributes in process `syz.4.656'. [ 90.842992][ T29] audit: type=1326 audit(1751848934.995:1831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5384 comm="syz.4.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 90.868775][ T5390] netlink: 4 bytes leftover after parsing attributes in process `syz.4.656'. [ 90.875131][ T29] audit: type=1326 audit(1751848934.995:1832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5384 comm="syz.4.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 90.907333][ T29] audit: type=1326 audit(1751848934.995:1833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5384 comm="syz.4.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 91.018723][ T5394] netlink: 4 bytes leftover after parsing attributes in process `syz.1.647'. [ 91.031390][ T5396] loop3: detected capacity change from 0 to 2048 [ 91.038434][ T5396] EXT4-fs: Ignoring removed bh option [ 91.074282][ T5396] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 91.086697][ T5398] loop4: detected capacity change from 0 to 512 [ 91.093601][ T5398] EXT4-fs: Ignoring removed orlov option [ 91.114897][ T5398] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 91.129251][ T5398] EXT4-fs (loop4): orphan cleanup on readonly fs [ 91.142427][ T5396] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 91.144041][ T5398] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.649: bg 0: block 248: padding at end of block bitmap is not set [ 91.157484][ T5396] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 15 with max blocks 640 with error 28 [ 91.172232][ T5398] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.649: Failed to acquire dquot type 1 [ 91.172830][ T5398] EXT4-fs (loop4): 1 truncate cleaned up [ 91.173432][ T5398] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 91.185481][ T5396] EXT4-fs (loop3): This should not happen!! Data will be lost [ 91.185481][ T5396] [ 91.185547][ T5396] EXT4-fs (loop3): Total free blocks count 0 [ 91.185563][ T5396] EXT4-fs (loop3): Free/Dirty block details [ 91.185577][ T5396] EXT4-fs (loop3): free_blocks=2415919104 [ 91.245159][ T5396] EXT4-fs (loop3): dirty_blocks=656 [ 91.250380][ T5396] EXT4-fs (loop3): Block reservation details [ 91.256478][ T5396] EXT4-fs (loop3): i_reserved_data_blocks=41 [ 91.280172][ T175] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 91.315370][ T5398] syz.4.649 (5398) used greatest stack depth: 9224 bytes left [ 91.323458][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.715751][ T5410] bond2: (slave erspan0): Releasing active interface [ 91.727828][ T5410] bond0: (slave veth0_to_hsr): Releasing backup interface [ 91.737978][ T5407] pim6reg1: entered promiscuous mode [ 91.743511][ T5407] pim6reg1: entered allmulticast mode [ 93.070833][ T5438] xt_CT: No such helper "snmp_trap" [ 93.278273][ T5448] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.289797][ T5451] loop4: detected capacity change from 0 to 1024 [ 93.298617][ T5451] EXT4-fs: Ignoring removed bh option [ 93.323385][ T5451] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.363895][ T5448] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.455211][ T5448] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.526278][ T5448] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.590773][ T5448] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.621717][ T5448] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.653671][ T5448] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.667186][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.689945][ T5448] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.858697][ T5462] loop2: detected capacity change from 0 to 2048 [ 93.915673][ T5462] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.360777][ T5462] netlink: 'syz.2.667': attribute type 10 has an invalid length. [ 94.381637][ T5462] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.390328][ T5462] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 94.508176][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.711346][ T5474] loop2: detected capacity change from 0 to 128 [ 95.074482][ T5486] netlink: 8 bytes leftover after parsing attributes in process `+}[@'. [ 95.098155][ T5486] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 95.677855][ T29] kauditd_printk_skb: 271 callbacks suppressed [ 95.677869][ T29] audit: type=1326 audit(1751848940.005:2103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5479 comm="syz.2.673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f63d5ae58e7 code=0x7ffc0000 [ 95.739112][ T29] audit: type=1326 audit(1751848940.045:2104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5479 comm="syz.2.673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f63d5a8ab19 code=0x7ffc0000 [ 95.762482][ T29] audit: type=1326 audit(1751848940.045:2105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5479 comm="syz.2.673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f63d5ae58e7 code=0x7ffc0000 [ 95.785830][ T29] audit: type=1326 audit(1751848940.045:2106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5479 comm="syz.2.673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f63d5a8ab19 code=0x7ffc0000 [ 95.809117][ T29] audit: type=1326 audit(1751848940.045:2107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5479 comm="syz.2.673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f63d5aee929 code=0x7ffc0000 [ 95.832464][ T29] audit: type=1326 audit(1751848940.045:2108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5479 comm="syz.2.673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f63d5ae58e7 code=0x7ffc0000 [ 95.855866][ T29] audit: type=1326 audit(1751848940.045:2109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5479 comm="syz.2.673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f63d5a8ab19 code=0x7ffc0000 [ 95.879110][ T29] audit: type=1326 audit(1751848940.045:2110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5479 comm="syz.2.673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f63d5aee929 code=0x7ffc0000 [ 95.980412][ T5498] netlink: 'syz.2.678': attribute type 10 has an invalid length. [ 95.998985][ T5498] veth0_vlan: entered allmulticast mode [ 96.015833][ T5498] veth0_vlan: left promiscuous mode [ 96.028591][ T5498] veth0_vlan: entered promiscuous mode [ 96.048463][ T5498] team0: Device veth0_vlan failed to register rx_handler [ 96.105590][ T5501] loop3: detected capacity change from 0 to 1024 [ 96.115948][ T29] audit: type=1400 audit(1751848940.135:2111): avc: denied { ioctl } for pid=5497 comm="syz.2.678" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=10832 ioctlcmd=0x5430 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 96.142993][ T29] audit: type=1400 audit(1751848940.145:2112): avc: denied { module_load } for pid=5497 comm="syz.2.678" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=10832 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=system permissive=1 [ 96.205508][ T5501] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.219496][ T5505] netlink: 4 bytes leftover after parsing attributes in process `syz.2.681'. [ 96.243213][ T5501] ext4 filesystem being mounted at /113/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 96.261277][ T5505] bond0: (slave batadv0): Releasing backup interface [ 96.274477][ T5501] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 96.306524][ T5501] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28 [ 96.319069][ T5501] EXT4-fs (loop3): This should not happen!! Data will be lost [ 96.319069][ T5501] [ 96.328787][ T5501] EXT4-fs (loop3): Total free blocks count 0 [ 96.334853][ T5501] EXT4-fs (loop3): Free/Dirty block details [ 96.340809][ T5501] EXT4-fs (loop3): free_blocks=4293918720 [ 96.346612][ T5501] EXT4-fs (loop3): dirty_blocks=16 [ 96.351832][ T5501] EXT4-fs (loop3): Block reservation details [ 96.357262][ T5512] netlink: 'syz.0.682': attribute type 13 has an invalid length. [ 96.357824][ T5501] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 96.399087][ T5515] pim6reg1: entered promiscuous mode [ 96.404578][ T5515] pim6reg1: entered allmulticast mode [ 96.418132][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.605468][ T5520] tipc: Enabled bearer , priority 0 [ 96.704642][ T5518] tipc: Resetting bearer [ 96.779756][ T5518] tipc: Disabling bearer [ 96.930525][ T5532] vlan3: entered allmulticast mode [ 96.937182][ T5532] bridge_slave_0: entered allmulticast mode [ 97.198017][ T5544] netlink: 'syz.3.692': attribute type 10 has an invalid length. [ 97.222823][ T5544] veth0_vlan: entered allmulticast mode [ 97.243276][ T5544] veth0_vlan: left promiscuous mode [ 97.250307][ T5544] veth0_vlan: entered promiscuous mode [ 97.324426][ T5544] team0: Device veth0_vlan failed to register rx_handler [ 97.761408][ T5552] netlink: 'syz.3.695': attribute type 13 has an invalid length. [ 99.086701][ T5563] netlink: 8 bytes leftover after parsing attributes in process `syz.3.696'. [ 99.161599][ T5565] pim6reg1: entered promiscuous mode [ 99.167026][ T5565] pim6reg1: entered allmulticast mode [ 99.302221][ T5569] netlink: 16 bytes leftover after parsing attributes in process `syz.1.701'. [ 99.332205][ T5569] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 99.434863][ T5575] loop1: detected capacity change from 0 to 2048 [ 99.461140][ T5575] EXT4-fs: Ignoring removed bh option [ 99.491582][ T5575] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.565983][ T5575] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 99.596903][ T5575] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 15 with max blocks 640 with error 28 [ 99.609499][ T5575] EXT4-fs (loop1): This should not happen!! Data will be lost [ 99.609499][ T5575] [ 99.619216][ T5575] EXT4-fs (loop1): Total free blocks count 0 [ 99.625255][ T5575] EXT4-fs (loop1): Free/Dirty block details [ 99.631266][ T5575] EXT4-fs (loop1): free_blocks=2415919104 [ 99.637012][ T5575] EXT4-fs (loop1): dirty_blocks=656 [ 99.642261][ T5575] EXT4-fs (loop1): Block reservation details [ 99.648384][ T5575] EXT4-fs (loop1): i_reserved_data_blocks=41 [ 99.767181][ T4664] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 99.848383][ T5582] netlink: 'syz.2.707': attribute type 13 has an invalid length. [ 99.929513][ T5582] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 99.938113][ T5582] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 99.945423][ T5586] netlink: 'syz.1.706': attribute type 10 has an invalid length. [ 99.946572][ T5582] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 99.962703][ T5582] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 100.006974][ T5586] veth0_vlan: entered allmulticast mode [ 100.091792][ T5589] netlink: 'syz.4.708': attribute type 4 has an invalid length. [ 100.099500][ T5589] netlink: 17 bytes leftover after parsing attributes in process `syz.4.708'. [ 100.299631][ T5600] loop1: detected capacity change from 0 to 128 [ 100.649979][ T5603] xt_CT: No such helper "snmp_trap" [ 100.799022][ T5613] netlink: 4 bytes leftover after parsing attributes in process `syz.3.715'. [ 101.172070][ T29] kauditd_printk_skb: 35 callbacks suppressed [ 101.172088][ T29] audit: type=1400 audit(1751848945.505:2148): avc: denied { mount } for pid=5618 comm="syz.0.726" name="/" dev="ramfs" ino=11106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 101.329992][ T5631] netlink: 8 bytes leftover after parsing attributes in process `syz.4.716'. [ 102.382979][ T5645] netlink: 'syz.4.720': attribute type 13 has an invalid length. [ 102.420905][ T29] audit: type=1400 audit(1751848946.755:2149): avc: denied { bind } for pid=5646 comm="syz.3.722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 102.461504][ T5647] xt_CT: You must specify a L4 protocol and not use inversions on it [ 102.496626][ T5651] netlink: 'syz.4.723': attribute type 1 has an invalid length. [ 102.522777][ T5647] loop3: detected capacity change from 0 to 8192 [ 102.545655][ T5651] 8021q: adding VLAN 0 to HW filter on device bond2 [ 102.566700][ T5653] 8021q: adding VLAN 0 to HW filter on device bond2 [ 102.581411][ T5653] bond2: (slave vxcan1): The slave device specified does not support setting the MAC address [ 102.602577][ T5653] bond2: (slave vxcan1): Error -95 calling set_mac_address [ 102.668822][ T5651] veth1: entered promiscuous mode [ 102.709228][ T5651] bond2: (slave veth1): Enslaving as an active interface with a down link [ 102.718128][ T5654] erspan0: entered allmulticast mode [ 102.731061][ T5654] bond2: (slave erspan0): making interface the new active one [ 102.732461][ T5656] netlink: 8 bytes leftover after parsing attributes in process `syz.3.724'. [ 102.749226][ T5654] bond2: (slave erspan0): Enslaving as an active interface with an up link [ 102.751033][ T29] audit: type=1400 audit(1751848947.055:2150): avc: denied { create } for pid=5655 comm="syz.3.724" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 102.792914][ T5656] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 102.803380][ T5657] netlink: 8 bytes leftover after parsing attributes in process `syz.3.724'. [ 102.846530][ T5659] netlink: 'syz.4.725': attribute type 10 has an invalid length. [ 102.864670][ T5659] bridge0: port 1(team0) entered blocking state [ 102.871055][ T5659] bridge0: port 1(team0) entered disabled state [ 102.897779][ T5659] team0: entered allmulticast mode [ 102.899499][ T5662] netlink: 'syz.4.725': attribute type 4 has an invalid length. [ 102.908846][ T5659] team0: entered promiscuous mode [ 102.910765][ T5662] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.725'. [ 102.936064][ T5661] pim6reg1: entered promiscuous mode [ 102.941520][ T5661] pim6reg1: entered allmulticast mode [ 103.142955][ T5667] netlink: 4 bytes leftover after parsing attributes in process `syz.4.730'. [ 103.242296][ T29] audit: type=1400 audit(1751848947.575:2151): avc: denied { wake_alarm } for pid=5670 comm="syz.0.735" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 103.655782][ T5678] netlink: 8 bytes leftover after parsing attributes in process `syz.0.737'. [ 103.988252][ T5680] loop3: detected capacity change from 0 to 512 [ 104.048231][ T5680] Quota error (device loop3): v2_read_file_info: Free block number 1090519040 out of range (1, 6). [ 104.070790][ T5680] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 104.088786][ T5680] EXT4-fs (loop3): mount failed [ 104.127731][ T5687] netlink: 'syz.3.741': attribute type 1 has an invalid length. [ 104.154490][ T5687] 8021q: adding VLAN 0 to HW filter on device bond1 [ 104.191502][ T5687] 8021q: adding VLAN 0 to HW filter on device bond1 [ 104.201671][ T5687] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 104.213620][ T5687] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 104.267464][ T5696] mmap: syz.2.743 (5696) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 104.297205][ T5693] veth3: entered promiscuous mode [ 104.336573][ T5693] bond1: (slave veth3): Enslaving as an active interface with a down link [ 104.348880][ T5687] erspan0: entered allmulticast mode [ 104.360168][ T5687] bond1: (slave erspan0): making interface the new active one [ 104.378508][ T5687] bond1: (slave erspan0): Enslaving as an active interface with an up link [ 104.462954][ T29] audit: type=1400 audit(1751848948.795:2152): avc: denied { listen } for pid=5699 comm="syz.3.745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 104.556286][ T5705] loop3: detected capacity change from 0 to 512 [ 104.566549][ T5705] EXT4-fs: Ignoring removed orlov option [ 104.578626][ T5705] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 104.589977][ T5705] EXT4-fs (loop3): orphan cleanup on readonly fs [ 104.597420][ T5705] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.746: bg 0: block 248: padding at end of block bitmap is not set [ 104.613040][ T5705] Quota error (device loop3): write_blk: dquota write failed [ 104.620488][ T5705] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 104.630594][ T5705] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.746: Failed to acquire dquot type 1 [ 104.643356][ T5705] EXT4-fs (loop3): 1 truncate cleaned up [ 104.650376][ T5705] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 104.922884][ T5713] veth0_vlan: left promiscuous mode [ 104.934907][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.950635][ T5713] veth0_vlan: entered promiscuous mode [ 105.166906][ T29] audit: type=1400 audit(1751848949.495:2153): avc: denied { create } for pid=5720 comm="" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 105.229576][ T5721] netlink: 52 bytes leftover after parsing attributes in process `'. [ 105.279253][ T29] audit: type=1400 audit(1751848949.605:2154): avc: denied { watch } for pid=5717 comm="syz.4.751" path="/163/control" dev="tmpfs" ino=876 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 105.447066][ T5731] siw: device registration error -23 [ 105.545358][ T5733] loop4: detected capacity change from 0 to 8192 [ 105.613752][ T5739] tipc: Failed to remove unknown binding: 66,1,1/0:3432622271/3432622273 [ 105.659602][ T5739] tipc: Failed to remove unknown binding: 66,1,1/0:3432622271/3432622273 [ 105.668208][ T5739] tipc: Failed to remove unknown binding: 66,1,1/0:3432622271/3432622273 [ 105.781906][ T5747] loop1: detected capacity change from 0 to 512 [ 105.801926][ T5747] EXT4-fs: Ignoring removed orlov option [ 105.814041][ T5747] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 105.823338][ T5747] EXT4-fs (loop1): orphan cleanup on readonly fs [ 105.830279][ T5747] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.760: bg 0: block 248: padding at end of block bitmap is not set [ 105.849220][ T5747] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.760: Failed to acquire dquot type 1 [ 105.884928][ T5747] EXT4-fs (loop1): 1 truncate cleaned up [ 105.899094][ T5747] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 105.968719][ T5750] loop3: detected capacity change from 0 to 512 [ 106.012018][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.026244][ T5750] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 106.067987][ C1] sd 0:0:1:0: [sda] tag#1509 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 106.070975][ T5750] EXT4-fs (loop3): invalid journal inode [ 106.078412][ C1] sd 0:0:1:0: [sda] tag#1509 CDB: Read(6) 08 00 00 00 80 00 00 00 00 00 00 fe [ 106.097848][ T5750] EXT4-fs (loop3): can't get journal size [ 106.110275][ T5750] EXT4-fs (loop3): 1 truncate cleaned up [ 106.122304][ T5750] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.152721][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.183722][ T29] kauditd_printk_skb: 15 callbacks suppressed [ 106.183735][ T29] audit: type=1326 audit(1751848950.515:2168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5757 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd90713e929 code=0x7ffc0000 [ 106.222748][ T29] audit: type=1326 audit(1751848950.545:2169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5757 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90713e929 code=0x7ffc0000 [ 106.246266][ T29] audit: type=1326 audit(1751848950.545:2170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5757 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90713e929 code=0x7ffc0000 [ 106.269649][ T29] audit: type=1326 audit(1751848950.545:2171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5757 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd90713e929 code=0x7ffc0000 [ 106.293067][ T29] audit: type=1326 audit(1751848950.545:2172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5757 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90713e929 code=0x7ffc0000 [ 106.316475][ T29] audit: type=1326 audit(1751848950.545:2173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5757 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90713e929 code=0x7ffc0000 [ 106.339914][ T29] audit: type=1326 audit(1751848950.545:2174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5757 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd90713e929 code=0x7ffc0000 [ 106.363328][ T29] audit: type=1326 audit(1751848950.545:2175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5757 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90713e929 code=0x7ffc0000 [ 106.386671][ T29] audit: type=1326 audit(1751848950.545:2176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5757 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90713e929 code=0x7ffc0000 [ 106.410077][ T29] audit: type=1326 audit(1751848950.545:2177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5757 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd90713e929 code=0x7ffc0000 [ 106.434508][ T5759] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.763'. [ 106.467875][ T5758] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.763'. [ 106.512416][ T5763] tipc: Started in network mode [ 106.517426][ T5763] tipc: Node identity ac14140f, cluster identity 4711 [ 106.524641][ T5763] tipc: New replicast peer: 255.255.255.255 [ 106.526051][ T5765] netlink: 12 bytes leftover after parsing attributes in process `syz.3.766'. [ 106.532345][ T5763] tipc: Enabled bearer , priority 10 [ 106.670019][ T5769] loop1: detected capacity change from 0 to 128 [ 106.679904][ T5776] bond_slave_1: entered promiscuous mode [ 106.698650][ T5776] netlink: 4 bytes leftover after parsing attributes in process `syz.3.772'. [ 106.699188][ T5769] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 106.731456][ T5780] rdma_rxe: rxe_newlink: failed to add lo [ 106.742040][ T5776] bond_slave_1 (unregistering): left promiscuous mode [ 106.750686][ T5780] netlink: 8 bytes leftover after parsing attributes in process `syz.0.774'. [ 106.765359][ T5769] ext4 filesystem being mounted at /159/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 106.853953][ T3311] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 106.983166][ T5800] netlink: 4 bytes leftover after parsing attributes in process `syz.2.783'. [ 107.009877][ T5803] netlink: 100 bytes leftover after parsing attributes in process `syz.3.785'. [ 107.062246][ T5803] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 107.115308][ T5812] netlink: '¬í': attribute type 10 has an invalid length. [ 107.132830][ T5812] team0: Port device dummy0 added [ 107.138783][ T5812] netlink: '¬í': attribute type 10 has an invalid length. [ 107.147175][ T5812] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 107.157809][ T5812] team0: Failed to send options change via netlink (err -105) [ 107.174445][ T5812] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 107.194191][ T5812] team0: Port device dummy0 removed [ 107.226768][ T5812] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 107.307513][ T5820] loop2: detected capacity change from 0 to 512 [ 107.336456][ T5820] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 107.372700][ T5820] EXT4-fs (loop2): 1 truncate cleaned up [ 107.380687][ T5820] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.407071][ T5820] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.423212][ T5825] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 107.545271][ T5832] random: crng reseeded on system resumption [ 107.598175][ T5837] netlink: 'syz.0.798': attribute type 39 has an invalid length. [ 107.634605][ T5835] loop3: detected capacity change from 0 to 8192 [ 107.641828][ T2959] tipc: Node number set to 2886997007 [ 108.142431][ T5845] loop4: detected capacity change from 0 to 1024 [ 108.168090][ T5845] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.223214][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.389614][ T5852] netlink: 'syz.4.801': attribute type 1 has an invalid length. [ 108.398068][ T5852] netlink: 224 bytes leftover after parsing attributes in process `syz.4.801'. [ 109.268379][ T5869] loop4: detected capacity change from 0 to 1024 [ 109.288591][ T5869] EXT4-fs: Ignoring removed orlov option [ 109.299603][ T5869] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.179896][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.205616][ T5884] netlink: 4 bytes leftover after parsing attributes in process `syz.0.813'. [ 110.245313][ T5884] __nla_validate_parse: 5 callbacks suppressed [ 110.245330][ T5884] netlink: 4 bytes leftover after parsing attributes in process `syz.0.813'. [ 110.261918][ T5884] netlink: 4 bytes leftover after parsing attributes in process `syz.0.813'. [ 110.272446][ T5884] netlink: 4 bytes leftover after parsing attributes in process `syz.0.813'. [ 110.735191][ T5915] tipc: Enabling of bearer rejected, already enabled [ 111.274434][ T5928] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 111.340195][ T29] kauditd_printk_skb: 67 callbacks suppressed [ 111.340212][ T29] audit: type=1400 audit(1751848955.665:2245): avc: denied { write } for pid=5929 comm="syz.4.826" path="socket:[12924]" dev="sockfs" ino=12924 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 111.391169][ T5894] syz.3.815 (5894) used greatest stack depth: 7160 bytes left [ 111.644314][ T5940] loop2: detected capacity change from 0 to 1024 [ 111.674060][ T5940] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 111.707565][ T5940] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 111.767282][ T5940] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 111.787546][ T5940] EXT4-fs (loop2): orphan cleanup on readonly fs [ 111.801870][ T5940] EXT4-fs error (device loop2): ext4_read_inode_bitmap:167: comm syz.2.830: Inode bitmap for bg 0 marked uninitialized [ 111.834703][ T5940] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 111.884411][ T29] audit: type=1400 audit(1751848956.205:2246): avc: denied { read } for pid=5944 comm="syz.3.831" name="event3" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 111.909094][ T29] audit: type=1400 audit(1751848956.205:2247): avc: denied { open } for pid=5944 comm="syz.3.831" path="/dev/input/event3" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 111.930937][ T5925] Set syz1 is full, maxelem 65536 reached [ 111.956280][ T5945] netlink: 4 bytes leftover after parsing attributes in process `syz.3.831'. [ 112.014766][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.026727][ T5948] loop1: detected capacity change from 0 to 1024 [ 112.053234][ T5945] hsr_slave_0: left promiscuous mode [ 112.063191][ T5948] EXT4-fs: Ignoring removed orlov option [ 112.087063][ T5945] hsr_slave_1: left promiscuous mode [ 112.109633][ T5948] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.141659][ T5958] bridge0: port 1(team0) entered blocking state [ 112.148072][ T5958] bridge0: port 1(team0) entered disabled state [ 112.195073][ T5964] netlink: 16 bytes leftover after parsing attributes in process `syz.3.837'. [ 112.204601][ T5958] team0: entered allmulticast mode [ 112.213911][ T5958] team0: entered promiscuous mode [ 112.230556][ T5964] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 112.460242][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.749935][ T5985] vlan3: entered promiscuous mode [ 112.757190][ T5985] gretap0: entered promiscuous mode [ 113.043082][ T29] audit: type=1326 audit(1751848957.375:2248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d5aee929 code=0x7ffc0000 [ 113.110053][ T5987] loop2: detected capacity change from 0 to 1024 [ 113.118628][ T5987] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 113.129072][ T29] audit: type=1326 audit(1751848957.375:2249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d5aee929 code=0x7ffc0000 [ 113.152483][ T29] audit: type=1326 audit(1751848957.375:2250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f63d5aee929 code=0x7ffc0000 [ 113.175915][ T29] audit: type=1326 audit(1751848957.375:2251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d5aee929 code=0x7ffc0000 [ 113.199388][ T29] audit: type=1326 audit(1751848957.375:2252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f63d5aee929 code=0x7ffc0000 [ 113.222840][ T29] audit: type=1326 audit(1751848957.375:2253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d5aee929 code=0x7ffc0000 [ 113.246273][ T29] audit: type=1326 audit(1751848957.375:2254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f63d5aee929 code=0x7ffc0000 [ 113.351520][ T5987] EXT4-fs (loop2): can't mount with commit=, fs mounted w/o journal [ 113.440632][ T5996] netlink: 'syz.2.849': attribute type 1 has an invalid length. [ 113.448415][ T5996] netlink: 224 bytes leftover after parsing attributes in process `syz.2.849'. [ 113.624148][ T6004] netlink: 24 bytes leftover after parsing attributes in process `syz.3.850'. [ 113.887135][ T6008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 113.914279][ T6008] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.040031][ T6012] loop4: detected capacity change from 0 to 512 [ 114.113475][ T6012] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.128069][ T6012] ext4 filesystem being mounted at /185/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 114.333138][ T6025] netlink: 172 bytes leftover after parsing attributes in process `syz.2.857'. [ 114.344703][ T6025] netlink: 172 bytes leftover after parsing attributes in process `syz.2.857'. [ 114.496483][ T6027] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6027 comm=syz.2.858 [ 114.721854][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.957245][ T6043] loop4: detected capacity change from 0 to 2048 [ 114.973054][ T6043] EXT4-fs: Ignoring removed bh option [ 115.018218][ T6043] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.044181][ T6055] loop1: detected capacity change from 0 to 128 [ 115.111442][ T6058] syz.1.868: attempt to access beyond end of device [ 115.111442][ T6058] loop1: rw=2049, sector=153, nr_sectors = 8 limit=128 [ 115.114678][ T6043] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 115.139526][ T6058] syz.1.868: attempt to access beyond end of device [ 115.139526][ T6058] loop1: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 115.169436][ T1435] kworker/u8:6: attempt to access beyond end of device [ 115.169436][ T1435] loop1: rw=1, sector=201, nr_sectors = 8 limit=128 [ 115.191372][ T6043] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 15 with max blocks 640 with error 28 [ 115.192192][ T1435] kworker/u8:6: attempt to access beyond end of device [ 115.192192][ T1435] loop1: rw=1, sector=217, nr_sectors = 8 limit=128 [ 115.205560][ T6043] EXT4-fs (loop4): This should not happen!! Data will be lost [ 115.205560][ T6043] [ 115.227888][ T6043] EXT4-fs (loop4): Total free blocks count 0 [ 115.235207][ T6043] EXT4-fs (loop4): Free/Dirty block details [ 115.241927][ T6043] EXT4-fs (loop4): free_blocks=2415919104 [ 115.246505][ T6058] syz.1.868: attempt to access beyond end of device [ 115.246505][ T6058] loop1: rw=2049, sector=185, nr_sectors = 8 limit=128 [ 115.247683][ T6043] EXT4-fs (loop4): dirty_blocks=656 [ 115.247701][ T6043] EXT4-fs (loop4): Block reservation details [ 115.263360][ T1435] kworker/u8:6: attempt to access beyond end of device [ 115.263360][ T1435] loop1: rw=1, sector=233, nr_sectors = 8 limit=128 [ 115.267585][ T6043] EXT4-fs (loop4): i_reserved_data_blocks=41 [ 115.267867][ T175] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 115.286497][ T6058] syz.1.868: attempt to access beyond end of device [ 115.286497][ T6058] loop1: rw=2049, sector=249, nr_sectors = 8 limit=128 [ 115.373318][ T1435] kworker/u8:6: attempt to access beyond end of device [ 115.373318][ T1435] loop1: rw=1, sector=265, nr_sectors = 8 limit=128 [ 115.387082][ T1435] kworker/u8:6: attempt to access beyond end of device [ 115.387082][ T1435] loop1: rw=1, sector=297, nr_sectors = 8 limit=128 [ 115.401718][ T6058] syz.1.868: attempt to access beyond end of device [ 115.401718][ T6058] loop1: rw=2049, sector=281, nr_sectors = 8 limit=128 [ 115.456897][ T6064] loop4: detected capacity change from 0 to 128 [ 115.498394][ T6064] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 115.517847][ T6064] ext4 filesystem being mounted at /189/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 115.966276][ T6071] loop3: detected capacity change from 0 to 2048 [ 116.034730][ T6071] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.051696][ T3312] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 116.086982][ T6075] loop4: detected capacity change from 0 to 512 [ 116.105662][ T6075] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 116.133060][ T6075] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.873: invalid indirect mapped block 4294967295 (level 0) [ 116.172330][ T6075] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.873: invalid indirect mapped block 4294967295 (level 1) [ 116.188787][ T6075] EXT4-fs (loop4): 1 orphan inode deleted [ 116.196050][ T6075] EXT4-fs (loop4): 1 truncate cleaned up [ 116.217751][ T6075] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.288017][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.375583][ T6093] loop2: detected capacity change from 0 to 1024 [ 116.399626][ T6093] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.420243][ T29] kauditd_printk_skb: 70 callbacks suppressed [ 116.420260][ T29] audit: type=1400 audit(1751848960.745:2325): avc: denied { nlmsg_read } for pid=6090 comm="syz.2.879" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 116.460961][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.463243][ T6097] $Hÿ: renamed from bond0 [ 116.474607][ T29] audit: type=1400 audit(1751848960.775:2326): avc: denied { getopt } for pid=6090 comm="syz.2.879" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 116.534455][ T6097] $Hÿ: entered promiscuous mode [ 116.607450][ T6101] __nla_validate_parse: 2 callbacks suppressed [ 116.607469][ T6101] netlink: 4 bytes leftover after parsing attributes in process `syz.1.884'. [ 116.632309][ T6101] 9pnet_fd: Insufficient options for proto=fd [ 116.660318][ T29] audit: type=1400 audit(1751848960.985:2327): avc: denied { create } for pid=6111 comm="syz.0.887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 116.679963][ T29] audit: type=1400 audit(1751848960.985:2328): avc: denied { connect } for pid=6111 comm="syz.0.887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 116.785113][ T6116] loop1: detected capacity change from 0 to 2048 [ 116.794765][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.833264][ T6116] EXT4-fs: Ignoring removed mblk_io_submit option [ 116.877284][ T6116] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.902729][ T6116] netlink: 4 bytes leftover after parsing attributes in process `syz.1.888'. [ 116.975746][ T29] audit: type=1400 audit(1751848961.305:2329): avc: denied { execute } for pid=6125 comm="syz.3.892" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=14032 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 117.082840][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.178267][ T6158] netlink: 4 bytes leftover after parsing attributes in process `syz.1.894'. [ 117.201125][ T6158] netlink: 'syz.1.894': attribute type 13 has an invalid length. [ 117.893683][ T6204] netlink: 'syz.1.898': attribute type 1 has an invalid length. [ 117.934931][ T6204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.942956][ T6210] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 117.962646][ T6204] netlink: 'syz.1.898': attribute type 21 has an invalid length. [ 117.978525][ T6204] netlink: 'syz.1.898': attribute type 1 has an invalid length. [ 117.986333][ T6204] netlink: 144 bytes leftover after parsing attributes in process `syz.1.898'. [ 118.005793][ T6204] veth3: entered promiscuous mode [ 118.022042][ T6204] vlan3: entered allmulticast mode [ 118.027238][ T6204] bond0: entered allmulticast mode [ 118.070097][ T29] audit: type=1400 audit(1751848962.395:2330): avc: denied { read } for pid=6212 comm="syz.2.901" name="ptp0" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 118.094605][ T29] audit: type=1400 audit(1751848962.395:2331): avc: denied { open } for pid=6212 comm="syz.2.901" path="/dev/ptp0" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 118.136852][ T29] audit: type=1400 audit(1751848962.455:2332): avc: denied { ioctl } for pid=6212 comm="syz.2.901" path="/dev/ptp0" dev="devtmpfs" ino=246 ioctlcmd=0x3d05 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 118.268419][ T29] audit: type=1400 audit(1751848962.555:2333): avc: denied { setopt } for pid=6221 comm="syz.3.903" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 118.288380][ T29] audit: type=1400 audit(1751848962.555:2334): avc: denied { write } for pid=6221 comm="syz.3.903" path="socket:[14088]" dev="sockfs" ino=14088 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 118.537456][ T6236] loop2: detected capacity change from 0 to 128 [ 118.559680][ T6236] EXT4-fs: Ignoring removed nobh option [ 118.723791][ T6236] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 118.788471][ T6236] ext4 filesystem being mounted at /191/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 118.894800][ T3307] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 118.935182][ T6248] loop4: detected capacity change from 0 to 512 [ 118.944678][ T6248] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 119.031934][ T6248] EXT4-fs (loop4): 1 truncate cleaned up [ 119.044423][ T6248] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 119.343719][ T6270] loop2: detected capacity change from 0 to 512 [ 119.399877][ T6270] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 119.608390][ T6276] x_tables: ip6_tables: sctp match: only valid for protocol 132 [ 120.084591][ T6282] 9pnet_fd: Insufficient options for proto=fd [ 120.093886][ T6284] loop2: detected capacity change from 0 to 512 [ 120.142997][ T6284] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.166091][ T6284] ext4 filesystem being mounted at /197/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 120.198292][ T6248] syz.4.912 (6248) used greatest stack depth: 7000 bytes left [ 120.209157][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.419929][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.462951][ T6296] loop4: detected capacity change from 0 to 2048 [ 120.524005][ T6296] netlink: 4 bytes leftover after parsing attributes in process `syz.4.928'. [ 120.549998][ T6296] hsr_slave_0 (unregistering): left promiscuous mode [ 120.572700][ T6301] loop1: detected capacity change from 0 to 2048 [ 120.637434][ T3296] Alternate GPT is invalid, using primary GPT. [ 120.643858][ T3296] loop1: p1 p2 p3 [ 120.683308][ T6301] Alternate GPT is invalid, using primary GPT. [ 120.689825][ T6301] loop1: p1 p2 p3 [ 120.794609][ T6310] vhci_hcd: invalid port number 96 [ 120.799947][ T6310] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 120.855947][ T6308] loop4: detected capacity change from 0 to 1024 [ 120.901105][ T6308] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.410034][ T3477] udevd[3477]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 121.411480][ T3298] udevd[3298]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 121.441326][ T3296] udevd[3296]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 121.456730][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.467189][ T3477] udevd[3477]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 121.469100][ T3298] udevd[3298]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 121.491179][ T3296] udevd[3296]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 121.529851][ T6319] netlink: 4 bytes leftover after parsing attributes in process `syz.1.936'. [ 121.546594][ T6320] netlink: 'syz.4.935': attribute type 27 has an invalid length. [ 121.579561][ T6319] netlink: 4 bytes leftover after parsing attributes in process `syz.1.936'. [ 121.611568][ T6321] erspan0: left allmulticast mode [ 121.637948][ T6321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 121.660173][ T6322] loop4: detected capacity change from 0 to 512 [ 121.700904][ T6321] 8021q: adding VLAN 0 to HW filter on device team0 [ 121.725679][ T6324] netlink: 4 bytes leftover after parsing attributes in process `syz.2.937'. [ 121.736028][ T6321] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 121.810324][ T6322] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 121.820022][ T6322] EXT4-fs (loop4): orphan cleanup on readonly fs [ 121.828303][ T6322] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #16: comm syz.4.935: corrupted inode contents [ 121.841358][ T6322] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #16: comm syz.4.935: mark_inode_dirty error [ 121.853475][ T6322] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #16: comm syz.4.935: corrupted inode contents [ 121.875142][ T6322] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #16: comm syz.4.935: mark_inode_dirty error [ 121.888557][ T6322] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #16: comm syz.4.935: corrupted inode contents [ 121.903433][ T6322] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 121.913564][ T6322] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #16: comm syz.4.935: corrupted inode contents [ 121.946731][ T6322] EXT4-fs error (device loop4): ext4_truncate:4597: inode #16: comm syz.4.935: mark_inode_dirty error [ 121.959869][ T6322] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 121.973148][ T29] kauditd_printk_skb: 84 callbacks suppressed [ 121.973161][ T29] audit: type=1326 audit(1751848966.265:2419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6333 comm="syz.0.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 122.004233][ T29] audit: type=1326 audit(1751848966.265:2420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6333 comm="syz.0.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 122.027836][ T29] audit: type=1326 audit(1751848966.265:2421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6333 comm="syz.0.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 122.052502][ T29] audit: type=1326 audit(1751848966.265:2422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6333 comm="syz.0.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 122.075857][ T29] audit: type=1326 audit(1751848966.265:2423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6333 comm="syz.0.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 122.100847][ T29] audit: type=1326 audit(1751848966.265:2424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6333 comm="syz.0.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 122.125530][ T29] audit: type=1326 audit(1751848966.275:2425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6333 comm="syz.0.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 122.148904][ T29] audit: type=1326 audit(1751848966.275:2426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6333 comm="syz.0.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 122.173631][ T29] audit: type=1326 audit(1751848966.275:2427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6333 comm="syz.0.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 122.198186][ T29] audit: type=1326 audit(1751848966.275:2428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6333 comm="syz.0.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 122.207524][ T6322] EXT4-fs (loop4): 1 truncate cleaned up [ 122.233210][ T6163] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:35: Failed to release dquot type 1 [ 122.245903][ T6322] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 122.266906][ T6320] veth1: left promiscuous mode [ 122.312266][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.344663][ T6340] netlink: 8 bytes leftover after parsing attributes in process `syz.4.941'. [ 122.375831][ T6340] netlink: 4 bytes leftover after parsing attributes in process `syz.4.941'. [ 123.095071][ T6365] netlink: 'syz.3.949': attribute type 13 has an invalid length. [ 123.105019][ T6365] gretap0: refused to change device tx_queue_len [ 123.111469][ T6365] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 123.589715][ T6382] loop4: detected capacity change from 0 to 2048 [ 123.647221][ T6382] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 124.592374][ T6398] syz.0.955 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 124.616993][ T6389] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 124.637396][ T6402] loop1: detected capacity change from 0 to 128 [ 124.644591][ T6402] vfat: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿœ°1†BWhß²¼Œÿ ÄqŸ?mêÜ¢5ç!M…Á†‚HëTA' [ 124.703976][ T6402] loop1: detected capacity change from 0 to 2048 [ 124.808534][ T6405] netlink: 'syz.2.963': attribute type 4 has an invalid length. [ 124.818113][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.858254][ T6402] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.040444][ T6419] loop3: detected capacity change from 0 to 512 [ 125.050908][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.063572][ T6419] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.077437][ T6419] ext4 filesystem being mounted at /168/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 125.122668][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.187473][ T6431] loop3: detected capacity change from 0 to 512 [ 125.196314][ T6431] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 125.207090][ T6431] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.973: iget: bogus i_mode (5) [ 125.218520][ T6433] loop1: detected capacity change from 0 to 8192 [ 125.219786][ T6431] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.973: couldn't read orphan inode 15 (err -117) [ 125.238869][ T6431] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.251188][ T6431] ext2 filesystem being mounted at /169/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.268141][ T6431] EXT4-fs error (device loop3): ext4_add_entry:2417: inode #2: comm syz.3.973: Directory hole found for htree leaf block 0 [ 125.283984][ T6436] loop1: detected capacity change from 0 to 128 [ 125.296439][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.298882][ T6436] netlink: zone id is out of range [ 125.310669][ T6436] netlink: set zone limit has 4 unknown bytes [ 125.343928][ T6440] netlink: 4 bytes leftover after parsing attributes in process `syz.1.977'. [ 125.345257][ T6438] random: crng reseeded on system resumption [ 125.408042][ T6445] SELinux: Context system_u:object_r:hald_mac_exec_t:s0 is not valid (left unmapped). [ 125.409430][ T6444] loop1: detected capacity change from 0 to 1024 [ 125.428272][ T6445] loop3: detected capacity change from 0 to 512 [ 125.435293][ T6445] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 125.442627][ T6444] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.446500][ T6445] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002] [ 125.457129][ T6444] ext4 filesystem being mounted at /205/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.464246][ T6445] EXT4-fs error (device loop3): ext4_iget_extra_inode:5035: inode #15: comm syz.3.979: corrupted in-inode xattr: e_value size too large [ 125.483362][ T6444] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 125.490200][ T6445] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.979: couldn't read orphan inode 15 (err -117) [ 125.505677][ T6444] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28 [ 125.505727][ T6444] EXT4-fs (loop1): This should not happen!! Data will be lost [ 125.505727][ T6444] [ 125.505746][ T6444] EXT4-fs (loop1): Total free blocks count 0 [ 125.505761][ T6444] EXT4-fs (loop1): Free/Dirty block details [ 125.505774][ T6444] EXT4-fs (loop1): free_blocks=4293918720 [ 125.519473][ T6445] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.530030][ T6444] EXT4-fs (loop1): dirty_blocks=16 [ 125.530047][ T6444] EXT4-fs (loop1): Block reservation details [ 125.530057][ T6444] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 125.590675][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.612228][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.678002][ T6455] netlink: 'syz.3.982': attribute type 4 has an invalid length. [ 125.718673][ T6461] SELinux: Context Ü is not valid (left unmapped). [ 125.727983][ T6461] SELinux: Context sche is not valid (left unmapped). [ 125.728694][ T6459] program syz.3.984 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 127.216882][ T29] kauditd_printk_skb: 348 callbacks suppressed [ 127.216899][ T29] audit: type=1400 audit(1751848971.545:2776): avc: denied { ioctl } for pid=6555 comm="syz.0.994" path="socket:[15554]" dev="sockfs" ino=15554 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 127.258537][ T2959] IPVS: starting estimator thread 0... [ 127.272673][ T29] audit: type=1400 audit(1751848971.605:2777): avc: denied { mount } for pid=6557 comm="syz.2.996" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 127.305237][ T29] audit: type=1400 audit(1751848971.635:2778): avc: denied { bind } for pid=6555 comm="syz.0.994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 127.360768][ T6561] IPVS: using max 2064 ests per chain, 103200 per kthread [ 127.366314][ T6567] tipc: Enabled bearer , priority 0 [ 127.380067][ T29] audit: type=1400 audit(1751848971.715:2779): avc: denied { write } for pid=6564 comm="syz.3.998" name="ip_tables_names" dev="proc" ino=4026532928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 127.499224][ T29] audit: type=1400 audit(1751848971.825:2780): avc: denied { create } for pid=6580 comm="syz.4.1004" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 127.527965][ T29] audit: type=1400 audit(1751848971.855:2781): avc: denied { mounton } for pid=6580 comm="syz.4.1004" path="/215/file0" dev="tmpfs" ino=1157 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 127.563767][ T29] audit: type=1400 audit(1751848971.855:2782): avc: denied { mount } for pid=6580 comm="syz.4.1004" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 127.588595][ T29] audit: type=1400 audit(1751848971.925:2783): avc: denied { setattr } for pid=6580 comm="syz.4.1004" name="file0" dev="tmpfs" ino=1157 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 127.784398][ T29] audit: type=1400 audit(1751848972.115:2784): avc: denied { create } for pid=6586 comm="syz.2.1006" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 127.814296][ T29] audit: type=1400 audit(1751848972.145:2785): avc: denied { setattr } for pid=6586 comm="syz.2.1006" name="file0" dev="tmpfs" ino=1165 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 127.905631][ T6592] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1008'. [ 127.948518][ T6596] loop2: detected capacity change from 0 to 512 [ 127.956072][ T6596] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 127.968350][ T6596] EXT4-fs (loop2): 1 truncate cleaned up [ 127.974540][ T6596] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.004247][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.360737][ T2959] tipc: Node number set to 1911956139 [ 129.666669][ T6647] netlink: 'syz.4.1024': attribute type 4 has an invalid length. [ 129.702001][ T6651] loop1: detected capacity change from 0 to 128 [ 129.708626][ T6651] vfat: Unknown parameter ' ' [ 129.723706][ T6651] loop1: detected capacity change from 0 to 2048 [ 131.357475][ T6678] 9pnet_fd: Insufficient options for proto=fd [ 131.494993][ T6692] loop1: detected capacity change from 0 to 512 [ 131.525377][ T6692] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.538846][ T6692] ext4 filesystem being mounted at /217/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.134649][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.212700][ T6714] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6714 comm=syz.3.1046 [ 132.256318][ T6717] tipc: Started in network mode [ 132.261382][ T6717] tipc: Node identity ac14140f, cluster identity 4711 [ 132.268593][ T6717] tipc: New replicast peer: 10.1.1.2 [ 132.274098][ T6717] tipc: Enabled bearer , priority 10 [ 132.349791][ T6719] SELinux: Context system_u:object_r:dpkg_lock_t:s0 is not valid (left unmapped). [ 132.359902][ T29] kauditd_printk_skb: 148 callbacks suppressed [ 132.359916][ T29] audit: type=1400 audit(1751848976.695:2934): avc: denied { relabelto } for pid=6718 comm="syz.4.1048" name="file0" dev="tmpfs" ino=1219 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:dpkg_lock_t:s0" [ 132.395066][ T29] audit: type=1400 audit(1751848976.695:2935): avc: denied { associate } for pid=6718 comm="syz.4.1048" name="file0" dev="tmpfs" ino=1219 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:dpkg_lock_t:s0" [ 132.533598][ T6721] tipc: Enabled bearer , priority 0 [ 132.543647][ T6720] tipc: Resetting bearer [ 132.556775][ T6720] tipc: Disabling bearer [ 133.050636][ T29] audit: type=1400 audit(1751848977.375:2936): avc: denied { create } for pid=6734 comm="syz.3.1053" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 133.077237][ T29] audit: type=1400 audit(1751848977.405:2937): avc: denied { mount } for pid=6737 comm="syz.1.1055" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 133.099661][ T29] audit: type=1400 audit(1751848977.405:2938): avc: denied { connect } for pid=6737 comm="syz.1.1055" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 133.127542][ T6743] loop2: detected capacity change from 0 to 1024 [ 133.214550][ T6743] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 133.227570][ T6743] ext4 filesystem being mounted at /225/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 133.251871][ T6743] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 133.269798][ T6743] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28 [ 133.274071][ T6755] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1059'. [ 133.282352][ T6743] EXT4-fs (loop2): This should not happen!! Data will be lost [ 133.282352][ T6743] [ 133.282373][ T6743] EXT4-fs (loop2): Total free blocks count 0 [ 133.282390][ T6743] EXT4-fs (loop2): Free/Dirty block details [ 133.282403][ T6743] EXT4-fs (loop2): free_blocks=4293918720 [ 133.282416][ T6743] EXT4-fs (loop2): dirty_blocks=16 [ 133.282431][ T6743] EXT4-fs (loop2): Block reservation details [ 133.282444][ T6743] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 133.369762][ T29] audit: type=1400 audit(1751848977.695:2939): avc: denied { setopt } for pid=6756 comm="syz.1.1060" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 133.391208][ T29] audit: type=1400 audit(1751848977.695:2940): avc: denied { bind } for pid=6756 comm="syz.1.1060" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 133.411022][ T29] audit: type=1400 audit(1751848977.695:2941): avc: denied { write } for pid=6756 comm="syz.1.1060" path="socket:[15174]" dev="sockfs" ino=15174 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 133.436641][ T29] audit: type=1400 audit(1751848977.695:2942): avc: denied { write } for pid=6759 comm="syz.3.1061" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 133.459835][ T29] audit: type=1400 audit(1751848977.695:2943): avc: denied { open } for pid=6759 comm="syz.3.1061" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 133.485154][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.494595][ T6758] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1060'. [ 133.508080][ T6755] bond0 (unregistering): Released all slaves [ 133.642089][ T3558] tipc: Node number set to 2886997007 [ 133.723725][ T6777] netlink: 'syz.0.1069': attribute type 1 has an invalid length. [ 134.025366][ T6777] bond0: entered promiscuous mode [ 134.041527][ T6777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 134.371596][ T6798] loop1: detected capacity change from 0 to 1024 [ 134.517605][ T6798] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 134.531884][ T6798] ext4 filesystem being mounted at /224/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.568054][ T6798] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 134.586202][ T6798] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28 [ 134.598689][ T6798] EXT4-fs (loop1): This should not happen!! Data will be lost [ 134.598689][ T6798] [ 134.608549][ T6798] EXT4-fs (loop1): Total free blocks count 0 [ 134.614608][ T6798] EXT4-fs (loop1): Free/Dirty block details [ 134.620709][ T6798] EXT4-fs (loop1): free_blocks=4293918720 [ 134.626473][ T6798] EXT4-fs (loop1): dirty_blocks=16 [ 134.631684][ T6798] EXT4-fs (loop1): Block reservation details [ 134.637696][ T6798] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 134.831305][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.071855][ T6823] loop3: detected capacity change from 0 to 1024 [ 135.080931][ T6823] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 135.092519][ T6823] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 135.122613][ T6823] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 135.141218][ T6823] EXT4-fs (loop3): orphan cleanup on readonly fs [ 135.150806][ T6823] EXT4-fs error (device loop3): ext4_read_inode_bitmap:167: comm syz.3.1084: Inode bitmap for bg 0 marked uninitialized [ 135.178564][ T6823] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 135.264545][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.300240][ T6852] loop3: detected capacity change from 0 to 128 [ 136.312502][ T6852] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 136.325527][ T6852] ext4 filesystem being mounted at /197/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 136.393641][ T3304] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 137.126408][ T6876] loop3: detected capacity change from 0 to 512 [ 137.136417][ T6876] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 137.185243][ T6876] EXT4-fs (loop3): 1 truncate cleaned up [ 137.192625][ T6876] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.261336][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.600018][ T6934] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1115'. [ 139.712307][ T6938] netlink: 'syz.4.1115': attribute type 13 has an invalid length. [ 140.424891][ T6950] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1118'. [ 140.429724][ T29] kauditd_printk_skb: 86 callbacks suppressed [ 140.429746][ T29] audit: type=1400 audit(1751848984.755:3030): avc: denied { write } for pid=6949 comm="syz.0.1118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 140.460305][ T29] audit: type=1400 audit(1751848984.755:3031): avc: denied { nlmsg_write } for pid=6949 comm="syz.0.1118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 141.091711][ T6963] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1120'. [ 141.141796][ T6962] loop3: detected capacity change from 0 to 8192 [ 141.154628][ T6966] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1120'. [ 141.186280][ T6970] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1124'. [ 141.305024][ T29] audit: type=1400 audit(1751848985.635:3032): avc: denied { read } for pid=6975 comm="syz.3.1127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 141.400368][ T29] audit: type=1400 audit(1751848985.725:3033): avc: denied { write } for pid=6975 comm="syz.3.1127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 141.507705][ T6981] loop1: detected capacity change from 0 to 128 [ 141.593701][ T6981] EXT4-fs: Ignoring removed nobh option [ 141.654588][ T6981] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 141.682600][ T6981] ext4 filesystem being mounted at /235/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 141.734066][ T29] audit: type=1400 audit(1751848986.065:3034): avc: denied { create } for pid=6979 comm="syz.1.1142" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 141.795983][ T3311] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 141.925564][ T7000] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1133'. [ 141.958983][ T29] audit: type=1400 audit(1751848986.285:3035): avc: denied { write } for pid=7002 comm="syz.2.1134" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 142.658670][ T7018] loop3: detected capacity change from 0 to 128 [ 142.678195][ T7019] netlink: 'syz.0.1138': attribute type 4 has an invalid length. [ 142.713898][ T7018] netlink: zone id is out of range [ 142.719162][ T7018] netlink: set zone limit has 4 unknown bytes [ 142.851252][ T7029] loop1: detected capacity change from 0 to 2048 [ 142.944922][ T7029] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.099845][ T29] audit: type=1400 audit(1751848987.425:3036): avc: denied { create } for pid=7040 comm="syz.4.1151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 143.244361][ T29] audit: type=1326 audit(1751848987.575:3037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7045 comm="syz.4.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 143.313451][ T29] audit: type=1326 audit(1751848987.605:3038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7045 comm="syz.4.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 143.338317][ T29] audit: type=1326 audit(1751848987.605:3039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7045 comm="syz.4.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 143.456462][ T7053] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1155'. [ 143.502492][ T7053] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1155'. [ 143.738797][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.108837][ T7056] team0 (unregistering): left allmulticast mode [ 144.118275][ T7056] team0 (unregistering): left promiscuous mode [ 144.124756][ T7056] bridge0: port 1(team0) entered disabled state [ 144.137310][ T7061] netlink: 'syz.3.1159': attribute type 4 has an invalid length. [ 144.697705][ T7070] tipc: Failed to remove unknown binding: 66,1,1/2886997007:375076633/375076635 [ 144.715995][ T7070] tipc: Failed to remove unknown binding: 66,1,1/2886997007:375076633/375076635 [ 144.725194][ T7070] tipc: Failed to remove unknown binding: 66,1,1/2886997007:375076633/375076635 [ 145.854935][ T7083] netlink: 'syz.3.1166': attribute type 39 has an invalid length. [ 145.880015][ T7080] netlink: 52 bytes leftover after parsing attributes in process `'. [ 146.069788][ T29] kauditd_printk_skb: 249 callbacks suppressed [ 146.069803][ T29] audit: type=1400 audit(1751848990.395:3289): avc: denied { append } for pid=7093 comm="syz.1.1172" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 146.106559][ T7100] netlink: 'syz.2.1183': attribute type 4 has an invalid length. [ 146.124322][ T7098] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1173'. [ 146.136553][ T7094] blktrace: Concurrent blktraces are not allowed on sg0 [ 146.193443][ T29] audit: type=1400 audit(1751848990.465:3290): avc: denied { ioctl } for pid=7093 comm="syz.1.1172" path="/dev/sg0" dev="devtmpfs" ino=135 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 146.238856][ T7094] loop1: detected capacity change from 0 to 512 [ 146.254052][ T7094] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 146.297706][ T7094] EXT4-fs (loop1): invalid journal inode [ 146.339107][ T7094] EXT4-fs (loop1): can't get journal size [ 146.374070][ T7094] EXT4-fs (loop1): 1 truncate cleaned up [ 146.456232][ T7094] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 146.508151][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.943489][ T7102] Set syz1 is full, maxelem 65536 reached [ 147.017231][ T7118] loop1: detected capacity change from 0 to 1024 [ 147.027424][ T7118] EXT4-fs: Ignoring removed orlov option [ 147.080644][ T7115] netlink: 52 bytes leftover after parsing attributes in process `'. [ 147.129258][ T7118] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.164096][ T29] audit: type=1400 audit(1751848991.495:3291): avc: denied { write } for pid=7126 comm="syz.3.1182" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 147.164455][ C1] sd 0:0:1:0: [sda] tag#1484 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 147.198206][ C1] sd 0:0:1:0: [sda] tag#1484 CDB: Read(6) 08 00 00 00 80 00 00 00 00 00 00 fe [ 147.809798][ T7149] netlink: 'syz.2.1184': attribute type 39 has an invalid length. [ 148.034765][ T7188] 9pnet_fd: Insufficient options for proto=fd [ 148.058064][ T7187] loop3: detected capacity change from 0 to 512 [ 148.104237][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.121414][ T7187] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.162284][ T7187] ext4 filesystem being mounted at /218/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.199944][ T29] audit: type=1400 audit(1751848992.525:3292): avc: denied { ioctl } for pid=7185 comm="syz.3.1186" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 148.312510][ T7223] netlink: 'syz.1.1191': attribute type 1 has an invalid length. [ 148.320396][ T7223] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1191'. [ 148.786269][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.164113][ T7239] loop1: detected capacity change from 0 to 512 [ 150.181713][ T7239] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 150.374721][ T7239] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.1195: invalid indirect mapped block 4294967295 (level 0) [ 150.389962][ T7239] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.1195: invalid indirect mapped block 4294967295 (level 1) [ 150.440616][ T7239] EXT4-fs (loop1): 1 orphan inode deleted [ 150.446543][ T7239] EXT4-fs (loop1): 1 truncate cleaned up [ 150.468783][ T7239] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 150.488164][ T29] audit: type=1400 audit(1751848994.815:3293): avc: denied { connect } for pid=7238 comm="syz.1.1195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 150.508179][ T29] audit: type=1400 audit(1751848994.835:3294): avc: denied { write } for pid=7238 comm="syz.1.1195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 150.559925][ T29] audit: type=1400 audit(1751848994.885:3295): avc: denied { read } for pid=7238 comm="syz.1.1195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 150.606731][ T7245] vlan2: entered promiscuous mode [ 150.611909][ T7245] gretap0: entered promiscuous mode [ 150.711357][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.741903][ T7234] Set syz1 is full, maxelem 65536 reached [ 150.755919][ T7248] loop3: detected capacity change from 0 to 512 [ 150.787020][ T7248] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 150.852576][ T7248] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.1208: invalid indirect mapped block 4294967295 (level 0) [ 150.871001][ T7248] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.1208: invalid indirect mapped block 4294967295 (level 1) [ 150.890358][ T7248] EXT4-fs (loop3): 1 orphan inode deleted [ 150.896338][ T7248] EXT4-fs (loop3): 1 truncate cleaned up [ 150.904903][ T7248] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 151.072571][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.560267][ T7262] loop3: detected capacity change from 0 to 8192 [ 151.666716][ T7271] loop2: detected capacity change from 0 to 1024 [ 151.683640][ T7271] EXT4-fs: Ignoring removed orlov option [ 151.705951][ T7271] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 151.865793][ T7285] loop1: detected capacity change from 0 to 512 [ 151.884601][ T7285] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 151.899933][ T7285] ext4 filesystem being mounted at /248/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.225070][ T7312] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1214'. [ 152.513858][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.200236][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.358319][ T7328] loop2: detected capacity change from 0 to 1024 [ 153.385080][ T7328] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 153.396095][ T7328] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 153.413885][ T7328] JBD2: no valid journal superblock found [ 153.419712][ T7328] EXT4-fs (loop2): Could not load journal inode [ 153.499766][ T7328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1217'. [ 153.510200][ T7328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1217'. [ 153.523330][ T7331] netlink: 'syz.3.1218': attribute type 1 has an invalid length. [ 153.532553][ T7331] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1218'. [ 153.543361][ T7328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1217'. [ 153.595494][ T7333] vlan3: entered promiscuous mode [ 153.600609][ T7333] gretap0: entered promiscuous mode [ 153.704449][ T7328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1217'. [ 153.714066][ T7328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1217'. [ 153.803089][ T7328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1217'. [ 153.944595][ T7328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1217'. [ 153.954321][ T7328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1217'. [ 154.071517][ T7339] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 154.092135][ T7339] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 154.354278][ T7351] netlink: 'syz.3.1220': attribute type 1 has an invalid length. [ 154.446324][ T7362] netlink: 'syz.3.1224': attribute type 4 has an invalid length. [ 157.156844][ T29] audit: type=1400 audit(1751849001.485:3296): avc: denied { mount } for pid=7369 comm="syz.2.1228" name="/" dev="autofs" ino=18553 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 157.194786][ T7370] loop2: detected capacity change from 0 to 2048 [ 157.221286][ T7372] loop1: detected capacity change from 0 to 1024 [ 157.232387][ T7372] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 157.297792][ T7370] EXT4-fs: Ignoring removed bh option [ 157.302282][ T7372] EXT4-fs (loop1): can't mount with commit=, fs mounted w/o journal [ 157.303577][ T29] audit: type=1326 audit(1751849001.505:3297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7371 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 157.334703][ T29] audit: type=1326 audit(1751849001.515:3298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7371 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 157.342817][ T7370] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 157.358144][ T29] audit: type=1326 audit(1751849001.515:3299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7371 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 157.393777][ T29] audit: type=1326 audit(1751849001.515:3300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7371 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 157.417228][ T29] audit: type=1326 audit(1751849001.515:3301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7371 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 157.440699][ T29] audit: type=1326 audit(1751849001.515:3302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7371 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 157.464163][ T29] audit: type=1326 audit(1751849001.515:3303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7371 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 157.487788][ T29] audit: type=1326 audit(1751849001.515:3304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7371 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 157.511405][ T29] audit: type=1326 audit(1751849001.515:3305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7371 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 157.578058][ T7370] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 157.600994][ T7370] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 15 with max blocks 640 with error 28 [ 157.613624][ T7370] EXT4-fs (loop2): This should not happen!! Data will be lost [ 157.613624][ T7370] [ 157.623340][ T7370] EXT4-fs (loop2): Total free blocks count 0 [ 157.629350][ T7370] EXT4-fs (loop2): Free/Dirty block details [ 157.635314][ T7370] EXT4-fs (loop2): free_blocks=2415919104 [ 157.641131][ T7370] EXT4-fs (loop2): dirty_blocks=656 [ 157.646351][ T7370] EXT4-fs (loop2): Block reservation details [ 157.652419][ T7370] EXT4-fs (loop2): i_reserved_data_blocks=41 [ 157.683305][ T7384] vlan0: entered promiscuous mode [ 157.688421][ T7384] gretap0: entered promiscuous mode [ 157.753441][ T6174] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 157.870335][ T7390] blktrace: Concurrent blktraces are not allowed on sg0 [ 158.408772][ T7390] loop2: detected capacity change from 0 to 512 [ 158.438741][ T7390] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 158.503779][ T7390] EXT4-fs (loop2): invalid journal inode [ 158.527933][ T7390] EXT4-fs (loop2): can't get journal size [ 158.569126][ T7390] EXT4-fs (loop2): 1 truncate cleaned up [ 158.633804][ T7390] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 158.776109][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.858252][ T7405] vhci_hcd: invalid port number 96 [ 158.863541][ T7405] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 159.707077][ T7428] rdma_rxe: rxe_newlink: failed to add lo [ 159.726404][ T7428] __nla_validate_parse: 11 callbacks suppressed [ 159.726421][ T7428] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1247'. [ 160.254163][ T7449] vhci_hcd: invalid port number 96 [ 160.259344][ T7449] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 160.359745][ T7460] netlink: 'syz.3.1257': attribute type 4 has an invalid length. [ 161.057059][ T7558] netlink: '¬í': attribute type 10 has an invalid length. [ 161.075678][ T7558] bond0: (slave dummy0): Releasing backup interface [ 161.092516][ T7558] dummy0: entered promiscuous mode [ 161.104502][ T7558] dummy0: entered allmulticast mode [ 161.111572][ T7571] netlink: 'syz.4.1261': attribute type 10 has an invalid length. [ 161.122537][ T7569] siw: device registration error -23 [ 161.126560][ T7558] team0: Port device dummy0 added [ 161.141984][ T7571] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 161.199696][ T7571] dummy0: left promiscuous mode [ 161.223120][ T7571] dummy0: left allmulticast mode [ 161.233631][ T7571] team0: Failed to send options change via netlink (err -105) [ 161.345448][ T7571] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 161.355417][ T7571] team0: Port device dummy0 removed [ 161.363244][ T7571] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 161.524555][ T7593] loop3: detected capacity change from 0 to 2048 [ 161.600461][ T7593] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 162.589595][ T29] kauditd_printk_skb: 80 callbacks suppressed [ 162.589612][ T29] audit: type=1400 audit(1751849006.915:3386): avc: denied { ioctl } for pid=7609 comm="syz.0.1284" path="socket:[19689]" dev="sockfs" ino=19689 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 162.626592][ T7610] tipc: Started in network mode [ 162.631690][ T7610] tipc: Node identity ac14140f, cluster identity 4711 [ 162.645860][ T7610] tipc: New replicast peer: 255.255.255.255 [ 162.653604][ T7610] tipc: Enabled bearer , priority 10 [ 162.746674][ T7615] loop2: detected capacity change from 0 to 512 [ 162.754607][ T29] audit: type=1326 audit(1751849007.095:3387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7616 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 162.779001][ T29] audit: type=1326 audit(1751849007.095:3388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7616 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 162.803385][ T29] audit: type=1326 audit(1751849007.095:3389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7616 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 162.826509][ T29] audit: type=1326 audit(1751849007.095:3390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7616 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 162.850869][ T29] audit: type=1326 audit(1751849007.095:3391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7616 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 162.878104][ T7615] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 162.901627][ T29] audit: type=1326 audit(1751849007.215:3392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7616 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 162.903771][ T7618] : renamed from hsr0 [ 162.924488][ T29] audit: type=1326 audit(1751849007.215:3393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7616 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 162.924556][ T29] audit: type=1326 audit(1751849007.215:3394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7616 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 162.924631][ T29] audit: type=1326 audit(1751849007.215:3395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7616 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8f861fe929 code=0x7ffc0000 [ 163.002577][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.013038][ T7615] EXT4-fs (loop2): 1 truncate cleaned up [ 163.019115][ T7615] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 163.082584][ T7626] siw: device registration error -23 [ 163.114032][ T7628] smc: net device bond0 applied user defined pnetid SYZ2 [ 163.197913][ T7633] netlink: 'syz.1.1281': attribute type 1 has an invalid length. [ 163.206435][ T7633] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1281'. [ 163.602458][ T7644] netlink: 'syz.0.1283': attribute type 13 has an invalid length. [ 163.640962][ T7644] gretap0: refused to change device tx_queue_len [ 163.647406][ T7644] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 163.712726][ T7647] 9pnet_fd: Insufficient options for proto=fd [ 163.717099][ T3400] tipc: Node number set to 2886997007 [ 163.780258][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.838589][ T7649] tipc: New replicast peer: 255.255.255.255 [ 163.844739][ T7649] tipc: Enabled bearer , priority 10 [ 163.933214][ T7658] netlink: '¬í': attribute type 10 has an invalid length. [ 163.946398][ T7658] team0: Port device dummy0 added [ 163.954300][ T7658] netlink: '¬í': attribute type 10 has an invalid length. [ 163.963169][ T7658] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 163.974209][ T7658] team0: Failed to send options change via netlink (err -105) [ 163.988211][ T7658] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 164.005708][ T7658] team0: Port device dummy0 removed [ 164.188434][ T7665] siw: device registration error -23 [ 165.129828][ T7671] loop2: detected capacity change from 0 to 8192 [ 165.939686][ T7680] netlink: 'syz.3.1299': attribute type 4 has an invalid length. [ 166.104282][ T7686] netlink: 'syz.1.1300': attribute type 13 has an invalid length. [ 166.120499][ T7686] erspan0: refused to change device tx_queue_len [ 166.124761][ T7687] loop3: detected capacity change from 0 to 1764 [ 166.127704][ T7686] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 166.151803][ T7689] loop2: detected capacity change from 0 to 128 [ 166.164476][ T7689] netlink: zone id is out of range [ 166.169735][ T7689] netlink: set zone limit has 4 unknown bytes [ 166.206091][ T7695] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1304'. [ 166.256766][ T7693] loop1: detected capacity change from 0 to 8192 [ 167.360203][ T7722] netlink: 'syz.3.1311': attribute type 1 has an invalid length. [ 167.403504][ T7722] bond2: entered promiscuous mode [ 167.420757][ T7722] 8021q: adding VLAN 0 to HW filter on device bond2 [ 167.496932][ T7732] loop1: detected capacity change from 0 to 1024 [ 167.511290][ T7732] EXT4-fs: Ignoring removed nobh option [ 167.516959][ T7732] EXT4-fs: Ignoring removed bh option [ 167.575477][ T7732] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.603548][ T29] kauditd_printk_skb: 27 callbacks suppressed [ 167.603565][ T29] audit: type=1400 audit(1751849011.935:3423): avc: denied { validate_trans } for pid=7731 comm="syz.1.1315" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 167.649365][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.671810][ T29] audit: type=1326 audit(1751849011.995:3424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7741 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 167.709765][ T29] audit: type=1326 audit(1751849012.025:3425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7741 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 167.734741][ T29] audit: type=1326 audit(1751849012.025:3426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7741 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 167.758473][ T29] audit: type=1326 audit(1751849012.025:3427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7741 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 167.783402][ T29] audit: type=1326 audit(1751849012.025:3428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7741 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 167.807138][ T29] audit: type=1326 audit(1751849012.025:3429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7741 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 167.832078][ T29] audit: type=1326 audit(1751849012.025:3430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7743 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f4ea73911e5 code=0x7ffc0000 [ 167.845964][ T7749] loop1: detected capacity change from 0 to 512 [ 167.855855][ T29] audit: type=1326 audit(1751849012.035:3431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7741 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 167.886746][ T29] audit: type=1326 audit(1751849012.035:3432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7741 comm="syz.0.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea735e929 code=0x7ffc0000 [ 167.893782][ T7749] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1319: Failed to acquire dquot type 1 [ 167.922652][ T7749] EXT4-fs (loop1): 1 truncate cleaned up [ 167.928805][ T7749] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.943844][ T7749] ext4 filesystem being mounted at /268/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.009145][ T7753] 9pnet_fd: Insufficient options for proto=fd [ 168.072267][ T7758] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1323'. [ 168.087354][ T7758] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 168.097469][ T7758] bond0 (unregistering): Released all slaves [ 168.220118][ T7771] netlink: 'syz.4.1327': attribute type 1 has an invalid length. [ 168.267139][ T7771] bond0: entered promiscuous mode [ 168.283589][ T7771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.295248][ T7774] loop2: detected capacity change from 0 to 1024 [ 168.321746][ T7774] EXT4-fs: Ignoring removed orlov option [ 168.342145][ T7774] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.373110][ T7780] netlink: 'syz.3.1331': attribute type 27 has an invalid length. [ 168.384915][ T7780] erspan0: left allmulticast mode [ 168.394902][ T7780] veth3: left promiscuous mode [ 168.404954][ T7780] bond2: left promiscuous mode [ 168.445361][ T7780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.454846][ T7780] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.472394][ T7780] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 168.491900][ T7786] tipc: Enabling of bearer rejected, failed to enable media [ 168.502276][ T7787] loop3: detected capacity change from 0 to 512 [ 168.509043][ T7784] netlink: 'syz.4.1333': attribute type 4 has an invalid length. [ 168.532979][ T7787] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 168.542878][ T7787] EXT4-fs (loop3): orphan cleanup on readonly fs [ 168.570185][ T7787] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #16: comm syz.3.1331: corrupted inode contents [ 168.601134][ T7787] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #16: comm syz.3.1331: mark_inode_dirty error [ 168.629054][ T7787] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #16: comm syz.3.1331: corrupted inode contents [ 168.684364][ T7787] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #16: comm syz.3.1331: mark_inode_dirty error [ 168.719089][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.721725][ T7787] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #16: comm syz.3.1331: corrupted inode contents [ 168.777408][ T7787] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 168.805296][ T7787] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #16: comm syz.3.1331: corrupted inode contents [ 168.872567][ T7787] EXT4-fs error (device loop3): ext4_truncate:4597: inode #16: comm syz.3.1331: mark_inode_dirty error [ 168.923830][ T7787] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 168.960385][ T7787] EXT4-fs (loop3): 1 truncate cleaned up [ 169.315441][ T6168] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:38: Failed to release dquot type 1 [ 169.339371][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.353334][ T7787] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 169.383343][ T7806] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1340'. [ 169.412273][ T7806] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 169.424825][ T7806] bond0 (unregistering): Released all slaves [ 169.449221][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.698729][ T7819] siw: device registration error -23 [ 169.705420][ T7819] 9pnet_fd: Insufficient options for proto=fd [ 169.766282][ T7823] netlink: 'syz.2.1344': attribute type 1 has an invalid length. [ 169.827675][ T7826] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1344'. [ 169.897943][ T7823] bond0 (unregistering): Released all slaves [ 170.140834][ T7832] loop2: detected capacity change from 0 to 512 [ 170.447607][ T7843] 9pnet: p9_errstr2errno: server reported unknown error [ 170.793065][ T7851] netlink: 'syz.0.1353': attribute type 27 has an invalid length. [ 170.806409][ T7851] bond0: left promiscuous mode [ 170.826675][ T7851] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.836811][ T7851] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 171.324553][ T7864] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 171.568296][ T3400] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 171.586651][ T7881] loop3: detected capacity change from 0 to 1024 [ 171.593868][ T7881] EXT4-fs: Ignoring removed nomblk_io_submit option [ 171.595826][ T3400] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 171.613722][ T7881] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 171.647220][ T7881] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.665447][ T7870] xt_hashlimit: size too large, truncated to 1048576 [ 171.791143][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.321570][ T7897] netlink: 'syz.4.1371': attribute type 10 has an invalid length. [ 172.445433][ T7906] SELinux: failed to load policy [ 172.652667][ T7901] vhci_hcd: default hub control req: 2318 v0011 i0002 l0 [ 172.899221][ T7945] loop3: detected capacity change from 0 to 2048 [ 172.949565][ T7945] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.980891][ T7945] netlink: 8 bytes leftover after parsing attributes in process `'. [ 173.348486][ T7945] ip6gre1: entered allmulticast mode [ 173.562035][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.704290][ T7988] netlink: 'syz.4.1384': attribute type 4 has an invalid length. [ 173.765958][ T29] kauditd_printk_skb: 101 callbacks suppressed [ 173.765977][ T29] audit: type=1400 audit(1751849018.095:3531): avc: denied { bind } for pid=7996 comm="syz.1.1386" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 173.781147][ T7997] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1386'. [ 173.840488][ T29] audit: type=1400 audit(1751849018.165:3532): avc: denied { accept } for pid=8005 comm="syz.3.1389" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 173.867432][ T29] audit: type=1400 audit(1751849018.195:3533): avc: denied { ioctl } for pid=8009 comm="syz.1.1391" path="socket:[19346]" dev="sockfs" ino=19346 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 173.894163][ T29] audit: type=1400 audit(1751849018.195:3534): avc: denied { write } for pid=8009 comm="syz.1.1391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 173.915743][ T29] audit: type=1400 audit(1751849018.255:3535): avc: denied { create } for pid=8006 comm="syz.4.1390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 173.950732][ T29] audit: type=1326 audit(1751849018.275:3536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8003 comm="syz.2.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d5aee929 code=0x7ffc0000 [ 173.974151][ T8015] tipc: Enabled bearer , priority 0 [ 173.976333][ T8015] syzkaller0: entered promiscuous mode [ 173.982422][ T29] audit: type=1326 audit(1751849018.275:3537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8003 comm="syz.2.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d5aee929 code=0x7ffc0000 [ 173.987894][ T8015] syzkaller0: entered allmulticast mode [ 174.018441][ T29] audit: type=1326 audit(1751849018.275:3538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8003 comm="syz.2.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f63d5aee929 code=0x7ffc0000 [ 174.043590][ T29] audit: type=1326 audit(1751849018.275:3539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8003 comm="syz.2.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d5aee929 code=0x7ffc0000 [ 174.067202][ T29] audit: type=1326 audit(1751849018.275:3540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8003 comm="syz.2.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63d5aee929 code=0x7ffc0000 [ 174.111831][ T8015] tipc: Resetting bearer [ 174.119116][ T8014] tipc: Resetting bearer [ 174.132993][ T8014] tipc: Disabling bearer [ 174.134123][ T8020] netlink: 'syz.2.1394': attribute type 1 has an invalid length. [ 174.157508][ T8020] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.171562][ T8020] vlan0: entered allmulticast mode [ 174.176759][ T8020] bond0: entered allmulticast mode [ 174.207395][ T8023] x_tables: ip6_tables: tcpmss match: only valid for protocol 6 [ 174.384052][ T8028] loop1: detected capacity change from 0 to 1024 [ 174.991866][ T8039] loop2: detected capacity change from 0 to 764 [ 175.000316][ T8039] iso9660: Unknown parameter 'page_pool_release' [ 175.220051][ T8049] bond3: entered promiscuous mode [ 175.225317][ T8049] bond3: entered allmulticast mode [ 175.246029][ T8049] 8021q: adding VLAN 0 to HW filter on device bond3 [ 175.268001][ T8049] bond3 (unregistering): Released all slaves [ 175.306240][ T8059] netlink: 'syz.2.1405': attribute type 4 has an invalid length. [ 176.057148][ T8079] netlink: 'syz.2.1411': attribute type 4 has an invalid length. [ 176.453077][ T8090] netlink: 'syz.1.1417': attribute type 4 has an invalid length. [ 176.515101][ T8095] loop2: detected capacity change from 0 to 2048 [ 176.548748][ T8097] loop1: detected capacity change from 0 to 1024 [ 176.557978][ T8097] EXT4-fs: Ignoring removed orlov option [ 176.567313][ T8095] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.585672][ T8095] netlink: 8 bytes leftover after parsing attributes in process `'. [ 176.590242][ T8097] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.867867][ T8095] ip6gre2: entered allmulticast mode [ 177.580248][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.591404][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.604274][ T8106] netlink: 'syz.0.1422': attribute type 4 has an invalid length. [ 177.958677][ T8094] Set syz1 is full, maxelem 65536 reached [ 178.123937][ T8122] wg2: entered promiscuous mode [ 178.128955][ T8122] wg2: entered allmulticast mode [ 178.131323][ T8124] 9pnet_virtio: no channels available for device 127.0.0.1 [ 178.186691][ T8132] netlink: 'syz.4.1429': attribute type 4 has an invalid length. [ 178.332551][ T8139] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1432'. [ 178.341672][ T8139] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1432'. [ 178.350649][ T8139] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1432'. [ 178.392315][ T8139] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1432'. [ 178.425084][ T8144] loop1: detected capacity change from 0 to 512 [ 178.433227][ T8144] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 178.461668][ T8144] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.481910][ T8144] ext4 filesystem being mounted at /286/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.504227][ T8144] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.1433: corrupted xattr block 19: overlapping e_value [ 178.541824][ T8144] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=15 [ 178.571277][ T8148] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1433'. [ 178.588442][ T8144] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.1433: corrupted xattr block 19: overlapping e_value [ 178.636711][ T8144] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=15 [ 178.656398][ T8148] $Hÿ: left promiscuous mode [ 178.666309][ T8144] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.1433: corrupted xattr block 19: overlapping e_value [ 178.682922][ T8148] 8021q: adding VLAN 0 to HW filter on device $Hÿ [ 178.700164][ T8148] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 178.702987][ T8155] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1438'. [ 178.724951][ T8151] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1437'. [ 178.739000][ T8156] bond2: (slave erspan0): Releasing active interface [ 178.741499][ T3379] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 178.757264][ T8156] team0: left allmulticast mode [ 178.763705][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.774760][ T8156] team0: left promiscuous mode [ 178.786794][ T8156] bridge0: port 1(team0) entered disabled state [ 178.796073][ T8156] bond2: (slave veth1): Releasing active interface [ 178.830991][ T3379] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 178.832087][ T8155] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1438'. [ 178.860650][ T29] kauditd_printk_skb: 63 callbacks suppressed [ 178.866859][ T29] audit: type=1326 audit(1751849023.185:3604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 178.890394][ T29] audit: type=1326 audit(1751849023.185:3605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 178.935924][ T29] audit: type=1326 audit(1751849023.245:3606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 178.959528][ T29] audit: type=1326 audit(1751849023.245:3607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 178.983207][ T29] audit: type=1326 audit(1751849023.245:3608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 179.006883][ T29] audit: type=1326 audit(1751849023.265:3609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 179.030414][ T29] audit: type=1326 audit(1751849023.265:3610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 179.053947][ T29] audit: type=1326 audit(1751849023.265:3611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 179.079240][ T8165] loop1: detected capacity change from 0 to 256 [ 179.087998][ T29] audit: type=1326 audit(1751849023.325:3612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 179.111546][ T29] audit: type=1326 audit(1751849023.325:3613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.4.1440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f415d5ee929 code=0x7ffc0000 [ 179.138892][ T8165] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000804) [ 179.146847][ T8165] FAT-fs (loop1): Filesystem has been set read-only [ 179.213309][ T8168] netlink: 'syz.4.1442': attribute type 4 has an invalid length. [ 179.300711][ T8173] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1444'. [ 179.847554][ T175] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 180.436700][ T8202] xt_hashlimit: max too large, truncated to 1048576 [ 180.530268][ T8209] netlink: 'syz.0.1457': attribute type 4 has an invalid length. [ 180.539534][ T8211] Invalid ELF header magic: != ELF [ 180.645608][ T8215] netlink: 'syz.4.1458': attribute type 4 has an invalid length. [ 180.662929][ T8215] netlink: 'syz.4.1458': attribute type 4 has an invalid length. [ 180.890917][ T6190] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 180.898820][ T6190] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 180.907381][ T8245] netlink: 'syz.1.1470': attribute type 4 has an invalid length. [ 180.939598][ T8247] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=8247 comm=syz.4.1471 [ 181.210093][ T8261] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1476'. [ 181.300779][ T2959] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 181.437416][ T8280] netlink: 'syz.1.1482': attribute type 4 has an invalid length. [ 182.022282][ T8296] Set syz1 is full, maxelem 65536 reached [ 182.289933][ T8304] netlink: 'syz.3.1492': attribute type 3 has an invalid length. [ 182.344389][ T8307] netlink: 'syz.1.1493': attribute type 4 has an invalid length. [ 182.441553][ T8311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.460116][ T8311] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.697856][ T8311] loop3: detected capacity change from 0 to 128 [ 182.738175][ T8311] bio_check_eod: 102 callbacks suppressed [ 182.738192][ T8311] syz.3.1495: attempt to access beyond end of device [ 182.738192][ T8311] loop3: rw=2049, sector=140, nr_sectors = 8 limit=128 [ 182.779904][ T8311] syz.3.1495: attempt to access beyond end of device [ 182.779904][ T8311] loop3: rw=2049, sector=156, nr_sectors = 1 limit=128 [ 182.794103][ T8311] buffer_io_error: 2 callbacks suppressed [ 182.794184][ T8311] Buffer I/O error on dev loop3, logical block 156, lost async page write [ 182.826277][ T8321] loop2: detected capacity change from 0 to 512 [ 182.840409][ T8311] syz.3.1495: attempt to access beyond end of device [ 182.840409][ T8311] loop3: rw=2049, sector=157, nr_sectors = 1 limit=128 [ 182.854639][ T8311] Buffer I/O error on dev loop3, logical block 157, lost async page write [ 182.862275][ T8321] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 182.890074][ T8311] syz.3.1495: attempt to access beyond end of device [ 182.890074][ T8311] loop3: rw=2049, sector=158, nr_sectors = 1 limit=128 [ 182.904355][ T8311] Buffer I/O error on dev loop3, logical block 158, lost async page write [ 182.928048][ T8321] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.938224][ T8311] syz.3.1495: attempt to access beyond end of device [ 182.938224][ T8311] loop3: rw=2049, sector=159, nr_sectors = 1 limit=128 [ 182.954634][ T8311] Buffer I/O error on dev loop3, logical block 159, lost async page write [ 182.981566][ T8321] ext4 filesystem being mounted at /299/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.011303][ T8311] syz.3.1495: attempt to access beyond end of device [ 183.011303][ T8311] loop3: rw=2049, sector=160, nr_sectors = 1 limit=128 [ 183.024875][ T8311] Buffer I/O error on dev loop3, logical block 160, lost async page write [ 183.038833][ T8311] syz.3.1495: attempt to access beyond end of device [ 183.038833][ T8311] loop3: rw=2049, sector=161, nr_sectors = 1 limit=128 [ 183.039182][ T8321] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1498: corrupted xattr block 19: overlapping e_value [ 183.052407][ T8311] Buffer I/O error on dev loop3, logical block 161, lost async page write [ 183.052786][ T8311] syz.3.1495: attempt to access beyond end of device [ 183.052786][ T8311] loop3: rw=2049, sector=132, nr_sectors = 1 limit=128 [ 183.052868][ T8311] Buffer I/O error on dev loop3, logical block 132, lost async page write [ 183.052889][ T8311] syz.3.1495: attempt to access beyond end of device [ 183.052889][ T8311] loop3: rw=2049, sector=133, nr_sectors = 1 limit=128 [ 183.052910][ T8311] Buffer I/O error on dev loop3, logical block 133, lost async page write [ 183.052940][ T8311] syz.3.1495: attempt to access beyond end of device [ 183.052940][ T8311] loop3: rw=2049, sector=150, nr_sectors = 1 limit=128 [ 183.052962][ T8311] Buffer I/O error on dev loop3, logical block 150, lost async page write [ 183.052984][ T8311] Buffer I/O error on dev loop3, logical block 151, lost async page write [ 183.281013][ T8321] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 183.290149][ T8321] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1498: corrupted xattr block 19: overlapping e_value [ 183.333075][ T8321] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 183.351621][ T8321] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1498: corrupted xattr block 19: overlapping e_value [ 183.381956][ T8321] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1498: corrupted xattr block 19: overlapping e_value [ 183.423411][ T8321] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 183.492110][ T8331] netlink: 'syz.1.1501': attribute type 4 has an invalid length. [ 183.506468][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.512352][ T8333] netlink: 'syz.0.1502': attribute type 1 has an invalid length. [ 183.529457][ T8333] 8021q: adding VLAN 0 to HW filter on device bond3 [ 183.561849][ T8333] 8021q: adding VLAN 0 to HW filter on device bond3 [ 183.569508][ T8333] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 183.603411][ T8333] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 183.616196][ T8336] netlink: 'syz.1.1504': attribute type 4 has an invalid length. [ 183.626269][ T8344] veth5: entered promiscuous mode [ 183.632878][ T8344] bond3: (slave veth5): Enslaving as an active interface with a down link [ 183.669546][ T8344] __nla_validate_parse: 3 callbacks suppressed [ 183.669569][ T8344] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1502'. [ 183.696254][ T8344] 8021q: adding VLAN 0 to HW filter on device bond3 [ 183.869993][ T8359] netlink: zone id is out of range [ 183.875961][ T8359] netlink: zone id is out of range [ 183.882081][ T8359] netlink: zone id is out of range [ 183.887265][ T8359] netlink: zone id is out of range [ 183.892986][ T8359] netlink: zone id is out of range [ 183.898239][ T8360] loop3: detected capacity change from 0 to 128 [ 183.898288][ T8359] netlink: zone id is out of range [ 183.910537][ T8359] netlink: zone id is out of range [ 183.916469][ T8359] netlink: zone id is out of range [ 183.921706][ T8360] vfat: Unknown parameter 'xœìÝÍk3EÀñ_b’&)mrEA:Ø‹^–6zƒ´ ' [ 183.921794][ T8359] netlink: zone id is out of range [ 183.994433][ T8362] SET target dimension over the limit! [ 184.045392][ T29] kauditd_printk_skb: 121 callbacks suppressed [ 184.045410][ T29] audit: type=1400 audit(1751849028.375:3735): avc: denied { write } for pid=8363 comm="syz.3.1512" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 184.111100][ T8364] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 184.117704][ T8364] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 184.125278][ T8364] vhci_hcd vhci_hcd.0: Device attached [ 184.201931][ T8366] vhci_hcd: connection closed [ 184.202405][ T175] vhci_hcd: stop threads [ 184.211525][ T175] vhci_hcd: release socket [ 184.215984][ T175] vhci_hcd: disconnect device [ 184.227068][ T8359] netlink: zone id is out of range [ 184.552059][ T8374] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1514'. [ 184.690803][ T8387] netlink: 'syz.1.1516': attribute type 1 has an invalid length. [ 184.893680][ T8403] geneve1: entered promiscuous mode [ 184.929160][ T8403] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1525'. [ 184.945756][ T8403] geneve1 (unregistering): left promiscuous mode [ 184.970758][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 185.534064][ T29] audit: type=1400 audit(1751849029.865:3736): avc: denied { mount } for pid=8417 comm="syz.4.1531" name="/" dev="selinuxfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 185.563790][ T29] audit: type=1400 audit(1751849029.895:3737): avc: denied { mount } for pid=8417 comm="syz.4.1531" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 185.708453][ T8424] netlink: 'syz.1.1533': attribute type 27 has an invalid length. [ 185.726551][ T8425] SET target dimension over the limit! [ 185.771924][ T8427] loop3: detected capacity change from 0 to 512 [ 185.780006][ T8427] journal_path: Lookup failure for './file0/../file0' [ 185.786922][ T8427] EXT4-fs: error: could not find journal device path [ 185.834075][ T8424] veth0_vlan: left allmulticast mode [ 185.864228][ T8428] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1534'. [ 185.890264][ T8424] veth3: left promiscuous mode [ 186.114816][ T29] audit: type=1400 audit(1751849030.445:3738): avc: denied { create } for pid=8431 comm="syz.0.1535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 186.175818][ T29] audit: type=1400 audit(1751849030.495:3739): avc: denied { write } for pid=8431 comm="syz.0.1535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 186.359567][ T29] audit: type=1400 audit(1751849030.675:3740): avc: denied { bind } for pid=8421 comm="syz.4.1532" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 186.438553][ T8434] ================================================================== [ 186.446714][ T8434] BUG: KCSAN: data-race in __bpf_get_stackid / bcmp [ 186.453335][ T8434] [ 186.455683][ T8434] write to 0xffff888128a3a190 of 160 bytes by task 3307 on cpu 1: [ 186.463507][ T8434] __bpf_get_stackid+0x761/0x800 [ 186.468481][ T8434] bpf_get_stackid+0xee/0x120 [ 186.473190][ T8434] bpf_get_stackid_raw_tp+0xf6/0x120 [ 186.478501][ T8434] bpf_prog_e6fc920cfeff8120+0x2a/0x32 [ 186.484001][ T8434] bpf_trace_run2+0x104/0x1c0 [ 186.488704][ T8434] __traceiter_kfree+0x2e/0x50 [ 186.493510][ T8434] kfree+0x27b/0x320 [ 186.497437][ T8434] selinux_netlbl_sk_security_free+0x18b/0x1d0 [ 186.503628][ T8434] selinux_sk_free_security+0x3b/0x50 [ 186.509037][ T8434] security_sk_free+0x65/0x80 [ 186.513747][ T8434] __sk_destruct+0x353/0x480 [ 186.518368][ T8434] __sk_free+0x227/0x270 [ 186.522641][ T8434] sk_free+0x39/0x80 [ 186.526569][ T8434] tcp_close+0x8d/0xd0 [ 186.530667][ T8434] inet_release+0xce/0xf0 [ 186.535039][ T8434] sock_close+0x6b/0x150 [ 186.539303][ T8434] __fput+0x29b/0x650 [ 186.543326][ T8434] fput_close_sync+0x6e/0x120 [ 186.548028][ T8434] __x64_sys_close+0x56/0xf0 [ 186.552655][ T8434] x64_sys_call+0x2747/0x2fb0 [ 186.557355][ T8434] do_syscall_64+0xd2/0x200 [ 186.561893][ T8434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.567811][ T8434] [ 186.570149][ T8434] read to 0xffff888128a3a1e0 of 8 bytes by task 8434 on cpu 0: [ 186.577711][ T8434] bcmp+0x23/0x90 [ 186.581370][ T8434] __bpf_get_stackid+0x371/0x800 [ 186.586347][ T8434] bpf_get_stackid+0xee/0x120 [ 186.591049][ T8434] bpf_get_stackid_raw_tp+0xf6/0x120 [ 186.596360][ T8434] bpf_prog_e6fc920cfeff8120+0x2a/0x32 [ 186.601840][ T8434] bpf_trace_run2+0x104/0x1c0 [ 186.606543][ T8434] __traceiter_kfree+0x2e/0x50 [ 186.611348][ T8434] kfree+0x27b/0x320 [ 186.615363][ T8434] ___sys_recvmsg+0x135/0x370 [ 186.620077][ T8434] do_recvmmsg+0x1ef/0x540 [ 186.624515][ T8434] __x64_sys_recvmmsg+0xe5/0x170 [ 186.629496][ T8434] x64_sys_call+0x1c6a/0x2fb0 [ 186.634202][ T8434] do_syscall_64+0xd2/0x200 [ 186.638739][ T8434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.644654][ T8434] [ 186.646988][ T8434] value changed: 0xffffffff81000130 -> 0xffffffff84451309 [ 186.654128][ T8434] [ 186.656468][ T8434] Reported by Kernel Concurrency Sanitizer on: [ 186.662654][ T8434] CPU: 0 UID: 0 PID: 8434 Comm: syz.4.1532 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(voluntary) [ 186.673354][ T8434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 186.683444][ T8434] ================================================================== [ 186.753212][ T3400] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 186.763964][ T3400] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0